Primary

Context

MariaDB Server Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in MariaDB Server versions 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.*. Under certain conditions, the server can crash without generating a backtrace log. This issue may be associated with the 'make_aggr_tables_info' function and the second stage of query optimization.

Impact

Exploitation of this vulnerability can lead to a server crash, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by creating a system-versioned table and then executing a 'REPLACE INTO' statement that selects data from a derived table which references the target table. This operation can trigger a crash if the server's query optimization process encounters certain conditions.

Remediation

Users can upgrade to MariaDB Server versions 10.5.29, 10.6.22, 10.11.12, or 11.8.2 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MariaDB Server Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating