CVE-2023-52968

March 8, 2025, 11:15 p.m.

4.9
Medium

Description

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.

Product(s) Impacted

Product Versions
MariaDB Server
  • 10.4.33
  • 10.5.24
  • 10.6.17
  • 10.7 - 10.11.7
  • 11.0 - 11.1.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-696
Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

References

https://jira.mariadb.org/browse/MDEV-32082

Tags

cve@mitre.org
CWE-696
2025-03-08
CVE-2023-52968

CVSS Score

4.9 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: March 8, 2025, 11:15 p.m.
Last Modified: March 8, 2025, 11:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.