Vulnerability CVE-2021-46666: Information

Description

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-46666
Published: Feb. 1, 2022
Modified: April 13, 2022
Error type identifier: CWE-617

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mariadbsisyphus10.4.20-alt110.11.7-alt2.1ALT-PU-2021-2179-1278107Fixed
mariadbp1010.4.20-alt110.6.17-alt3ALT-PU-2021-2179-1278107Fixed
mariadbp910.4.20-alt110.4.32-alt0.M90P.1ALT-PU-2021-2236-1278143Fixed
mariadbc10f110.4.20-alt110.6.17-alt1ALT-PU-2021-2179-1278107Fixed
mariadbc9f210.4.20-alt110.6.15-alt1ALT-PU-2021-2222-1278144Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://jira.mariadb.org/browse/MDEV-25635
  • Exploit
  • Issue Tracking
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20220221-0002/
  • Third Party Advisory
https://mariadb.com/kb/en/security/
  • Patch
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      End excliding
      10.2.39
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.3.0
      End excliding
      10.3.30
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.4.0
      End excliding
      10.4.20
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.5.0
      End excliding
      10.5.11
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.6.0
      End excliding
      10.6.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top