Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-46657 (GCVE-0-2021-46657)
Vulnerability from cvelistv5 – Published: 2022-01-29 22:34 – Updated: 2024-08-04 05:10
VLAI?
EPSS
Summary
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:10:35.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mariadb.com/kb/en/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T17:34:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mariadb.com/kb/en/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mariadb.org/browse/MDEV-25629",
"refsource": "MISC",
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"name": "https://mariadb.com/kb/en/security/",
"refsource": "CONFIRM",
"url": "https://mariadb.com/kb/en/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46657",
"datePublished": "2022-01-29T22:34:28.000Z",
"dateReserved": "2022-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:10:35.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46657
Vulnerability from osv_almalinux
Published
2022-04-26 13:50
Modified
2022-04-28 12:56
Summary
Moderate: mariadb:10.5 security, bug fix, and enhancement update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)
Security Fix(es):
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
-
mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
-
mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
-
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
-
mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
-
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
-
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
-
mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)
-
mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)
-
Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.9-4.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.9-4.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER \u003cuser\u003e IDENTIFIED BY \u003cpassword\u003e command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)\n\n* mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)\n\n* Galera doesn\u0027t work without \u0027procps-ng\u0027 package MariaDB-10.5 (BZ#2050542)",
"id": "ALSA-2022:1557",
"modified": "2022-04-28T12:56:03Z",
"published": "2022-04-26T13:50:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1557.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2154"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2166"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2372"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2389"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-35604"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46657"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46658"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46662"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46666"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46667"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-21451"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27385"
}
],
"related": [
"CVE-2021-2154",
"CVE-2021-2166",
"CVE-2021-2372",
"CVE-2021-2389",
"CVE-2021-35604",
"CVE-2021-46667",
"CVE-2021-46657",
"CVE-2021-46658",
"CVE-2021-46662",
"CVE-2021-46666"
],
"summary": "Moderate: mariadb:10.5 security, bug fix, and enhancement update"
}
cve-2021-46657
Vulnerability from osv_almalinux
Published
2022-04-26 13:50
Modified
2022-04-28 12:47
Summary
Moderate: mariadb:10.3 security and bug fix update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)
Security Fix(es):
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
-
mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
-
mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
-
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
-
mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
-
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
-
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
-
mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)
-
MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2050532)
-
Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)
-
Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2050550)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25.3.34-4.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25.3.34-4.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.5.0+2632+14ced695"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.3.32-2.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER \u003cuser\u003e IDENTIFIED BY \u003cpassword\u003e command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)\n\n* MariaDB logrotate leads to \"gzip: stdin: file size changed while zipping\" (BZ#2050532)\n\n* Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)\n\n* Galera doesn\u0027t work without \u0027procps-ng\u0027 package MariaDB-10.3 (BZ#2050550)",
"id": "ALSA-2022:1556",
"modified": "2022-04-28T12:47:03Z",
"published": "2022-04-26T13:50:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1556.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2154"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2166"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2372"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2389"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-35604"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46657"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46658"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46662"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46666"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46667"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-21451"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27385"
}
],
"related": [
"CVE-2021-2154",
"CVE-2021-2166",
"CVE-2021-2372",
"CVE-2021-2389",
"CVE-2021-35604",
"CVE-2021-46667",
"CVE-2021-46657",
"CVE-2021-46658",
"CVE-2021-46662",
"CVE-2021-46666"
],
"summary": "Moderate: mariadb:10.3 security and bug fix update"
}
bit-mariadb-2021-46657
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:05
Modified
2025-04-03 14:40
Summary
Details
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mariadb",
"purl": "pkg:bitnami/mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.2.39"
},
{
"introduced": "10.3.0"
},
{
"fixed": "10.3.30"
},
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.20"
},
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.11"
},
{
"introduced": "10.6.0"
},
{
"fixed": "10.6.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-46657"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.",
"id": "BIT-mariadb-2021-46657",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:05:37.876Z",
"references": [
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"type": "WEB",
"url": "https://mariadb.com/kb/en/security/"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46657"
}
],
"schema_version": "1.5.0"
}
GSD-2021-46657
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-46657",
"description": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.",
"id": "GSD-2021-46657",
"references": [
"https://www.suse.com/security/cve/CVE-2021-46657.html",
"https://access.redhat.com/errata/RHSA-2022:1007",
"https://access.redhat.com/errata/RHSA-2022:1010",
"https://access.redhat.com/errata/RHSA-2022:1556",
"https://access.redhat.com/errata/RHSA-2022:1557",
"https://linux.oracle.com/cve/CVE-2021-46657.html",
"https://access.redhat.com/errata/RHSA-2022:4818"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-46657"
],
"details": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.",
"id": "GSD-2021-46657",
"modified": "2023-12-13T01:23:32.470318Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mariadb.org/browse/MDEV-25629",
"refsource": "MISC",
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"name": "https://mariadb.com/kb/en/security/",
"refsource": "CONFIRM",
"url": "https://mariadb.com/kb/en/security/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3.30",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.4.20",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.5.11",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.68",
"versionStartIncluding": "5.5.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.39",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46657"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mariadb.org/browse/MDEV-25629",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220221-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"name": "https://mariadb.com/kb/en/security/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mariadb.com/kb/en/security/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-13T16:39Z",
"publishedDate": "2022-01-29T23:15Z"
}
}
}
FKIE_CVE-2021-46657
Vulnerability from fkie_nvd - Published: 2022-01-29 23:15 - Updated: 2024-11-21 06:34
Severity ?
Summary
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://jira.mariadb.org/browse/MDEV-25629 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://mariadb.com/kb/en/security/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220221-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mariadb.org/browse/MDEV-25629 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mariadb.com/kb/en/security/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220221-0002/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A8538C-A05C-4806-8F31-1EF73A71B327",
"versionEndIncluding": "5.5.68",
"versionStartIncluding": "5.5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8864A45-D655-4929-8EB5-DA27C953E054",
"versionEndExcluding": "10.2.39",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319143B-0EDE-4B64-9A73-EA9E93077964",
"versionEndExcluding": "10.3.30",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B67080-F16A-4FF2-910B-D1601BEFE20D",
"versionEndExcluding": "10.4.20",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1155CEAE-2FB4-4DB7-8596-D81AF7D781C6",
"versionEndExcluding": "10.5.11",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F55687-525C-4D38-A558-79BFA0A7216F",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY."
},
{
"lang": "es",
"value": "La funci\u00f3n get_sort_by_table en MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicaci\u00f3n por medio de determinados usos de ORDER BY en la subconsulta"
}
],
"id": "CVE-2021-46657",
"lastModified": "2024-11-21T06:34:32.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-29T23:15:07.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mariadb.com/kb/en/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mariadb.com/kb/en/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220221-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3QQV-WMPG-38V7
Vulnerability from github – Published: 2022-01-31 00:00 – Updated: 2022-03-17 00:06
VLAI?
Details
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-46657"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-29T23:15:00Z",
"severity": "MODERATE"
},
"details": "get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.",
"id": "GHSA-3qqv-wmpg-38v7",
"modified": "2022-03-17T00:06:08Z",
"published": "2022-01-31T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46657"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-25629"
},
{
"type": "WEB",
"url": "https://mariadb.com/kb/en/security"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220221-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…