MariaDB Server caching_sha2_password Authentication Plugin Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in MariaDB Server versions prior to 11.4.10, 11.5.x through 11.8.x prior to 11.8.6, and 12.x prior to 12.2.2. When the caching_sha2_password authentication plugin is loaded and at least one user account is configured to authenticate with it, a sufficiently large packet sent during that account's authentication exchange crashes the server. The cause is in sha256_crypt_r, the function the plugin uses to process the authentication data: it reserves its working buffer on the thread's stack with alloca, sized by the length of the received packet, and applies no upper bound. A packet larger than the space remaining on the thread's stack therefore overruns it, and the server process terminates. Because the allocation happens while the server is still processing the client's authentication response, the packet need not carry valid credentials; it only needs to target an account that uses the plugin.
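As an added illustration of the bug class, not MariaDB's own code: the constructed C below pairs an authentication handler that sizes an alloca buffer by the received packet length (the pattern described above) with a hardened version that bounds the length before allocating and uses the heap, and forks a child to show the unbounded version dying on a 64 MiB packet. The function names, the MAX_AUTH_PAYLOAD bound, the zero-filled sample packet and the toy FNV-1a "digest" standing in for the real hash computation are assumptions made for the example; Linux/POSIX is assumed for fork and setrlimit.

```c
/* Constructed illustration of an alloca() sized by an attacker-controlled
 * packet length. This is NOT MariaDB's sha256_crypt_r; names, the packet
 * format and MAX_AUTH_PAYLOAD are assumptions for the example. */
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum { AUTH_OK = 0, AUTH_ERR_MALFORMED = -1, AUTH_ERR_TOO_LARGE = -2, AUTH_ERR_NOMEM = -3 };

/* Hypothetical upper bound on an authentication payload. A real plugin knows
 * the largest scramble/password it can accept; anything beyond that is
 * garbage and must be rejected before any allocation happens. */
#define MAX_AUTH_PAYLOAD 1024

/* Stand-in for the hashing step (FNV-1a). The pointer is volatile-qualified
 * so the compiler cannot optimise away the copy into the stack buffer. */
static uint32_t toy_digest(const volatile uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;           /* FNV-1a offset basis */
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;                 /* FNV-1a prime */
    }
    return h;
}

/* Vulnerable pattern: the buffer lives on the thread's stack and is sized by
 * whatever the peer sent. alloca() cannot report failure; an oversized
 * request moves the stack pointer past the guard page and the first write
 * faults, killing the whole server process. Server threads normally run on
 * a stack far smaller than the largest packet the protocol allows. */
int auth_handle_vulnerable(const uint8_t *pkt, size_t pkt_len, uint32_t *digest_out)
{
    if (pkt_len == 0)
        return AUTH_ERR_MALFORMED;
    volatile uint8_t *buf = alloca(pkt_len);   /* attacker-controlled size */
    memcpy((void *)buf, pkt, pkt_len);
    *digest_out = toy_digest(buf, pkt_len);
    return AUTH_OK;
}

/* Hardened form: reject anything larger than the protocol can legitimately
 * need before touching memory, then use the heap, whose failure mode is a
 * NULL return the caller turns into an auth error instead of a crash. */
int auth_handle_hardened(const uint8_t *pkt, size_t pkt_len, uint32_t *digest_out)
{
    if (pkt_len == 0)
        return AUTH_ERR_MALFORMED;
    if (pkt_len > MAX_AUTH_PAYLOAD)
        return AUTH_ERR_TOO_LARGE;      /* checked before pkt is read at all */
    uint8_t *buf = malloc(pkt_len);
    if (buf == NULL)
        return AUTH_ERR_NOMEM;
    memcpy(buf, pkt, pkt_len);
    *digest_out = toy_digest(buf, pkt_len);
    free(buf);
    return AUTH_OK;
}

/* Runs the vulnerable handler on a constructed zero-filled packet of pkt_len
 * bytes in a forked child (with an 8 MiB stack limit so the outcome does not
 * depend on the caller's ulimit) and reports whether the child died from a
 * signal. Returns 1 if the child crashed, 0 if it completed, -1 on fork error. */
int crashes_in_child(size_t pkt_len)
{
    fflush(stdout);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = 8u << 20, .rlim_max = 8u << 20 };
        (void)setrlimit(RLIMIT_STACK, &rl);   /* best effort; lowering is allowed */
        uint8_t *pkt = calloc(pkt_len, 1);    /* constructed oversized packet */
        uint32_t d = 0;
        if (pkt == NULL || auth_handle_vulnerable(pkt, pkt_len, &d) != AUTH_OK)
            _exit(2);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
    static const uint8_t small[] = "client-scramble-bytes";   /* constructed */
    uint32_t d = 0;
    printf("small packet, hardened:    rc=%d\n", auth_handle_hardened(small, sizeof small - 1, &d));
    printf("64 MiB packet, hardened:   rc=%d (rejected before any read or allocation)\n",
           auth_handle_hardened(small, (size_t)64 << 20, &d));
    printf("64 MiB packet, vulnerable: crashed=%d\n", crashes_in_child((size_t)64 << 20));
    return 0;
}
```

Build with `cc -O2 -o alloca_demo alloca_demo.c && ./alloca_demo`. The point of the hardened form is ordering: the bound check happens before any memory is touched, and the allocation that follows is one whose failure is an error code rather than a fault. Bounding the size and then still calling alloca would also stop the crash, but the heap version keeps the handler's stack footprint independent of client input, which is what you want in a per-connection thread.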

Impact

Exploitation of this vulnerability crashes the server process, terminating every client connection and in-flight transaction. The triggering packet can be sent again after each restart, so the denial-of-service condition persists for as long as the server is reachable and unpatched.

Remediation

Upgrade to MariaDB Server 11.4.10, 11.8.6, or 12.2.2 (or a later release in the same series). The 11.5, 11.6 and 11.7 series and the 12.0 and 12.1 series have no fixed release of their own, so deployments on them should move to 11.8.6 or 12.2.2 respectively. Confirm the running version with SELECT VERSION() before and after the upgrade, and review which accounts authenticate with the plugin: the plugin column of the mysql.user view reads caching_sha2_password for affected accounts. Until the upgrade is applied, exposure is limited to those accounts and to clients that can reach the server's listening port, so restricting network reachability and, where clients allow it, moving such accounts to a different authentication plugin reduces the attack surface; neither is a substitute for the fix.

Added: Apr 3, 2026, 5:20 AM
Updated: Apr 3, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.