CVE-2021-46659
mariadb: Crash executing query with VIEW, aggregate and subquery
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicaciĆ³n porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-29 CVE Reserved
- 2022-01-29 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220311-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://jira.mariadb.org/browse/MDEV-25631 | 2024-08-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 5.5.0 < 10.2.42 Search vendor "Mariadb" for product "Mariadb" and version " >= 5.5.0 < 10.2.42" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.3.0 < 10.3.33 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3.0 < 10.3.33" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.4.0 < 10.4.23 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4.0 < 10.4.23" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.5.0 < 10.5.14 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5.0 < 10.5.14" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.6.0 < 10.6.6 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.6.0 < 10.6.6" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.7.0 < 10.7.2 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.7.0 < 10.7.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||