ALAS2-2023-2057 --- mariadbID: oval:org.secpod.oval:def:1701336 | Date: (C)2023-06-13 (M)2024-06-24 |
Class: PATCH | Family: unix |
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression . MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service via specially crafted SQL statements. An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service via specially crafted SQL statements. MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock