MariaDB Server Vulnerability Leading to Service Disruption
CVE-2023-52971

4.9MEDIUM

Key Information:

Vendor: Mariadb
Status: Mariadb
Vendor: CVE Published:; 8 March 2025

What is CVE-2023-52971?

A vulnerability in MariaDB Server versions 10.10 through 10.11.* and 11.0 through 11.4.* allows for service disruptions. Specifically, the issue arises within the JOIN::fix_all_splittings_in_plan function, which can lead to server crashes. This may impact the availability of hosted applications and the integrity of data operations, necessitating prompt remediation to ensure continuous service.

Affected Version(s)

MariaDB 10.10 < 10.11.*

MariaDB 11.0 < 11.4.*

References

https://jira.mariadb.org/browse/MDEV-32084

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2025
Vulnerability Reserved
Mar 8, 2025

Mariadb

What is CVE-2023-52971?

Affected Version(s)

References

CVSS V3.1

Timeline