MariaDB Server Denial-of-Service Vulnerability in Derived Table Handling

A denial-of-service vulnerability has been identified in MariaDB Server versions 10.4 prior to 10.4.33, 10.5 prior to 10.5.24, 10.6 prior to 10.6.17, 10.7 through 10.11 prior to 10.11.7, 11.0 prior to 11.0.5, and 11.1 prior to 11.1.4. The issue arises when the server processes derived tables that are not yet prepared, leading to a crash. This occurs because the server incorrectly handles the 'NOW' keyword as a field name in this context, causing an assertion failure and a subsequent segmentation fault.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by creating a system-versioned table and then executing a SELECT query that references the table for system time as of now. This triggers the issue by causing the server to attempt to resolve a derived table that has not been properly prepared, leading to a crash.

Remediation

Users can upgrade to MariaDB Server versions 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, or 11.1.4 to address this vulnerability.