CVE-2021-46664 – mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
https://notcve.org/view.php?id=CVE-2021-46664
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en la función sub_select_postjoin_aggr por un valor NULL de aggr • https://jira.mariadb.org/browse/MDEV-25761 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-476: NULL Pointer Dereference •
CVE-2021-46665 – mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
https://notcve.org/view.php?id=CVE-2021-46665
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación sql_parse.cc debido a expectativas incorrectas de used_tables • https://jira.mariadb.org/browse/MDEV-25636 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-20: Improper Input Validation •
CVE-2021-46667 – mariadb: Integer overflow in sql_lex.cc integer leading to crash
https://notcve.org/view.php?id=CVE-2021-46667
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. MariaDB versiones anteriores a 10.6.5, presenta un desbordamiento de enteros en el archivo sql_lex.cc, conllevando a un bloqueo de la aplicación An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. • https://jira.mariadb.org/browse/MDEV-26350 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-190: Integer Overflow or Wraparound •
CVE-2021-46668 – mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
https://notcve.org/view.php?id=CVE-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación por medio de determinadas sentencias SELECT DISTINCT largas que interactúan inapropiadamente con las limitaciones de recursos del motor de almacenamiento para las estructuras de datos temporales • https://jira.mariadb.org/browse/MDEV-25787 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-46669 – mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
https://notcve.org/view.php?id=CVE-2021-46669
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. MariaDB versiones hasta 10.5.9, permite a atacantes desencadenar un uso de memoria previamente liberada en la función convert_const_to_int es usado el tipo de datos BIGINT A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. • https://jira.mariadb.org/browse/MDEV-25638 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRJCSPQHYPKTWXXZVDMY6JAHZJQ4TZ5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHEOTQ63YWC3PGHGDFGS7AZIEXCGOPWH https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/security/cve/CVE-2021-46669 https://b • CWE-416: Use After Free •