CVE-2021-46658
Description
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.083
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-46658,CVE-2022-27379 are affected in MariaDB 10.6.2 | Windows |
| Vulnerabilities CVE-2021-46658,CVE-2021-2389,CVE-2021-2372 are fixed in MariaDB MariaDB 10.2.40 | Windows |
| Vulnerabilities CVE-2021-46658,CVE-2021-2389,CVE-2021-2372 are fixed in MariaDB MariaDB 10.3.31 | Windows |
| Vulnerabilities CVE-2021-46658,CVE-2021-2389,CVE-2021-2372 are fixed in MariaDB MariaDB 10.4.21 | Windows |
| Vulnerabilities CVE-2021-46658,CVE-2021-2389,CVE-2021-2372 are fixed in MariaDB MariaDB 10.5.12 | Windows |
| Vulnerabilities CVE-2021-46658,CVE-2021-35604 are fixed in MariaDB MariaDB 10.6.3 | Windows |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-client-debuginfo-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debuginfo-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-debugsource-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-errormessages-10.2.43-3.47.1.noarch.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-10.2.43-3.47.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0782-1(SUSE Linux Enterprise Server 12-SP5 ) mariadb-tools-debuginfo-10.2.43-3.47.1.x86_64.rpm | Linux |
| (RHSA-2022:1556) mariadb:10.3 security and bug fix update galera-25.3.34-4.module+el8.5.0+14124+14ced695.x86_64.rpm | Linux |
| (RHSA-2022:1556) mariadb:10.3 security and bug fix update galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.x86_64.rpm | Linux |
| Judy update (ELSA-2022-1556) Judy-1.0.5-18.0.1.module+el8.3.0+9616+7a81225f.x86_64.rpm | Linux |
| Galera update (ELSA-2022-1556) galera-25.3.34-4.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb update (ELSA-2022-1556) mariadb-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-backup update (ELSA-2022-1556) mariadb-backup-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-common update (ELSA-2022-1556) mariadb-common-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-devel update (ELSA-2022-1556) mariadb-devel-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-embedded update (ELSA-2022-1556) mariadb-embedded-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-embedded-devel update (ELSA-2022-1556) mariadb-embedded-devel-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-errmsg update (ELSA-2022-1556) mariadb-errmsg-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-gssapi-server update (ELSA-2022-1556) mariadb-gssapi-server-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-oqgraph-engine update (ELSA-2022-1556) mariadb-oqgraph-engine-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-server update (ELSA-2022-1556) mariadb-server-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-server-galera update (ELSA-2022-1556) mariadb-server-galera-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-server-utils update (ELSA-2022-1556) mariadb-server-utils-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| Mariadb-test update (ELSA-2022-1556) mariadb-test-10.3.32-2.0.1.module+el8.5.0+20629+e1b20d6b.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9.x86_64.rpm | Linux |
| Judy update (ELSA-2022-1557) Judy-1.0.5-18.module+el8.4.0+20040+caf70fad.x86_64.rpm | Linux |
| Galera update (ELSA-2022-1557) galera-26.4.9-4.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb update (ELSA-2022-1557) mariadb-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-backup update (ELSA-2022-1557) mariadb-backup-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-common update (ELSA-2022-1557) mariadb-common-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-devel update (ELSA-2022-1557) mariadb-devel-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-embedded update (ELSA-2022-1557) mariadb-embedded-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-embedded-devel update (ELSA-2022-1557) mariadb-embedded-devel-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-errmsg update (ELSA-2022-1557) mariadb-errmsg-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-gssapi-server update (ELSA-2022-1557) mariadb-gssapi-server-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-oqgraph-engine update (ELSA-2022-1557) mariadb-oqgraph-engine-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-pam update (ELSA-2022-1557) mariadb-pam-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-server update (ELSA-2022-1557) mariadb-server-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-server-galera update (ELSA-2022-1557) mariadb-server-galera-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-server-utils update (ELSA-2022-1557) mariadb-server-utils-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| Mariadb-test update (ELSA-2022-1557) mariadb-test-10.5.13-1.module+el8.5.0+20630+d7805586.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update Judy-debugsource-1.0.5-18.module+el8.4.0+9031+9abc7af9.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update galera-debugsource-26.4.9-4.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-backup-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-debugsource-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-embedded-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-embedded-devel-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-errmsg-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-gssapi-server-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-oqgraph-engine-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-pam-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-server-galera-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-server-utils-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| (RHSA-2022:1557) mariadb:10.5 security, bug fix, and enhancement update mariadb-test-10.5.13-1.module+el8.5.0+14125+d11efe18.x86_64.rpm | Linux |
| Vulnerability CVE-2021-46658,CVE-2022-27379 are affected in MariaDB 10.6.2 (For Linux) | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-backup-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-common-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-connect-engine-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-cracklib-password-check-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-devel-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-errmsg-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-gssapi-server-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-oqgraph-engine-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-pam-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-rocksdb-engine-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-server-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-server-utils-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-sphinx-engine-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
| mariadb105 Security Update (ALAS2023-2023-037) mariadb105-test-10.5.16-1.amzn2023.0.7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234