Remote Code Execution Vulnerability in MariaDB
CVE-2023-26785

Currently unrated

Key Information:

Vendor: MariaDB Corporation
Status: Mariadb
Vendor: CVE Published:; 17 October 2024

🔔 Create MariaDB Corporation Vulnerability Alert

What is CVE-2023-26785?

A remote code execution vulnerability has been identified in MariaDB v10.5, arising from the improper handling of User Defined Functions (UDF) through Shared Object Files. This flaw could potentially allow an attacker to execute arbitrary code on a vulnerable server by using a crafted 'create function' statement. While the issue has sparked debate regarding the crossing of privilege boundaries, it raises significant concerns over the security of database deployments and the integrity of user data.

References

https://github.com/Ant1sec-ops/CVE-2023-26785

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Feb 27, 2023