Remote Code Execution Vulnerability in MariaDB
CVE-2023-26785

9.8CRITICAL

Key Information:

Vendor: MariaDB Corporation
Status: Mariadb
Vendor: CVE Published:; 17 October 2024

🔔 Create MariaDB Corporation Vulnerability Alert

What is CVE-2023-26785?

A remote code execution vulnerability has been identified in MariaDB v10.5, arising from the improper handling of User Defined Functions (UDF) through Shared Object Files. This flaw could potentially allow an attacker to execute arbitrary code on a vulnerable server by using a crafted 'create function' statement. While the issue has sparked debate regarding the crossing of privilege boundaries, it raises significant concerns over the security of database deployments and the integrity of user data.

References

https://github.com/Ant1sec-ops/CVE-2023-26785

https://seclists.org/fulldisclosure/2012/Dec/39

EPSS Score

63% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Feb 27, 2023

CVE-2023-26785 Data

JSON