MariaDB Server Denial-of-Service Vulnerability in JOIN Optimization

Vulnerability

A denial-of-service vulnerability has been identified in MariaDB Server versions 10.10 through 10.11.*, as well as 11.0 through 11.4.*. The issue arises in the JOIN optimization process, specifically within the 'fix_all_splittings_in_plan' function, where certain queries can trigger a crash. This vulnerability is related to how the optimizer handles subqueries involving outer joins, leading to an assertion failure and server crash.

Impact

Exploitation of this vulnerability causes the MariaDB server to crash, terminating the database process and potentially disrupting services that rely on the database.

Reproduction

The vulnerability can be reproduced by executing a SELECT statement that includes a subquery using a LEFT JOIN, where the ON clause references columns in a way that creates a dependency loop. This can be done by joining tables on columns that are not properly aligned with the join order, causing the optimizer to fail an assertion and crash the server.

Remediation

Users can upgrade to MariaDB versions 10.11.12, 11.4.6, or 11.8.2 to address this vulnerability.
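
The following is an added example, not code from MariaDB or from this advisory's publisher: it classifies version strings as returned by SELECT VERSION() against the affected series and fix releases listed above. The host names and banners in the sample inventory are constructed, and any series the advisory does not mention (including 11.8 releases below 11.8.2) is reported as unknown rather than guessed.

```python
import re

# Affected series and fix releases exactly as listed in the advisory above.
AFFECTED_SERIES = [((10, 10), (10, 11)), ((11, 0), (11, 4))]
FIXED_RELEASES = [(10, 11, 12), (11, 4, 6), (11, 8, 2)]

def parse_version(banner):
    """Pull (major, minor, patch) from a SELECT VERSION() style string."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"unrecognised version string: {banner!r}")
    return tuple(int(part) for part in m.groups())

def classify(banner):
    """Return 'fixed', 'affected' or 'unknown' for one version banner."""
    version = parse_version(banner)
    series = version[:2]
    # A fix release only vouches for its own major.minor series.
    if any(series == fix[:2] and version >= fix for fix in FIXED_RELEASES):
        return "fixed"
    if any(low <= series <= high for low, high in AFFECTED_SERIES):
        return "affected"
    # Series the advisory does not mention (or 11.8 below 11.8.2): no verdict.
    return "unknown"

def needs_attention(inventory):
    """Map each host that is not confirmed fixed to its classification."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    return {host: state for host, state in results.items() if state != "fixed"}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "db-a": "10.11.6-MariaDB-1:10.11.6+maria~ubu2204",
    "db-b": "10.11.12-MariaDB",
    "db-c": "11.4.5-MariaDB",
    "db-d": "11.8.1-MariaDB",
    "db-e": "10.10.7-MariaDB",
}

if __name__ == "__main__":
    for host, state in needs_attention(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```

Hosts on the 10.10 series or on 11.0 through 11.3 have no fix release listed in their own series, so they stay classified as affected until moved to one of the fixed versions.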

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.