MariaDB Server Denial-of-Service Vulnerability in Item Direct View Reference Processing
Vulnerability
A denial-of-service vulnerability has been identified in MariaDB Server versions 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.*. The issue causes the server to crash when processing certain SQL queries that involve derived tables and the target table of an insert operation. This crash occurs in the 'Item_direct_view_ref::derived_field_transformer_for_where' function, indicating a problem with how the server handles view references in derived tables during query execution.
Impact
Exploitation of this vulnerability leads to a server crash, causing a loss of availability and disruption of database services.
Reproduction
The vulnerability can be reproduced by creating a table and then executing an 'INSERT INTO' statement that selects data from a derived table. The derived table must reference the target table of the insert operation, for example through a subquery that includes the insert target table. The server then fails an assertion on a null pointer and the process terminates.
Remediation
Users can upgrade to MariaDB versions 10.5.29, 10.6.22, 11.4.6, or 11.8.2, where this issue has been fixed.
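The following added example (not part of the original advisory or of MariaDB's code) classifies a server version string against the affected ranges and fixed releases listed above. The function names and result labels are assumptions made for illustration, and the sample banners are constructed.

```python
import re

# Series the advisory lists as affected: 10.4-10.11 and 11.0-11.4.
AFFECTED_SERIES = {(10, m) for m in range(4, 12)} | {(11, m) for m in range(0, 5)}
# First fixed patch release per series, as named under Remediation.
FIXED_IN = {(10, 5): 29, (10, 6): 22, (11, 4): 6, (11, 8): 2}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# Handshake banners of MariaDB 10.x can carry a "5.5.5-" compatibility
# prefix in front of the real version; strip it only when a version follows.
_COMPAT_PREFIX_RE = re.compile(r"^5\.5\.5-(?=\d+\.\d+\.\d+)")


def parse_version(banner):
    """Extract (major, minor, patch) from SELECT VERSION() output or a banner."""
    text = _COMPAT_PREFIX_RE.sub("", banner.strip())
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {banner!r}")
    return tuple(int(x) for x in m.groups())


def classify(banner):
    """Return 'fixed', 'affected', 'affected-no-fix-listed' or 'not-listed'."""
    major, minor, patch = parse_version(banner)
    series = (major, minor)
    fixed_patch = FIXED_IN.get(series)
    if fixed_patch is not None and patch >= fixed_patch:
        return "fixed"
    if series in AFFECTED_SERIES:
        # The advisory names no fixed release for some affected series;
        # those hosts have to move to a series listed in FIXED_IN.
        return "affected" if fixed_patch is not None else "affected-no-fix-listed"
    return "not-listed"  # the advisory makes no statement about this release


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    samples = [
        "10.6.21-MariaDB-log",
        "5.5.5-10.5.29-MariaDB",
        "10.11.8-MariaDB-1:10.11.8+maria~ubu2204",
        "11.4.6-MariaDB",
        "11.8.1-MariaDB",
    ]
    for banner in samples:
        print(f"{banner:45} {classify(banner)}")
```

A result of 'not-listed' means only that the advisory text does not cover that release, not that the release is unaffected.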
