MariaDB Server Vulnerability Leading to Crashes
CVE-2023-52970

4.9MEDIUM

Key Information:

Vendor: Mariadb
Status: Mariadb
Vendor: CVE Published:; 8 March 2025

What is CVE-2023-52970?

A vulnerability in MariaDB Server exists that can lead to unexpected crashes during the execution of specific operations related to the derived_field_transformer_for_where function in Item_direct_view_ref. This issue can severely disrupt database operations, affecting service availability for affected users. To mitigate risks, users should ensure they are running versions of MariaDB Server that are not impacted by this flaw.

Affected Version(s)

MariaDB 10.4 < 10.5.*

MariaDB 10.6 < 10.6.*

MariaDB 10.7 < 10.11.*

References

https://jira.mariadb.org/browse/MDEV-32086

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2025
Vulnerability Reserved
Mar 8, 2025

Mariadb

What is CVE-2023-52970?

Affected Version(s)

References

CVSS V3.1

Timeline