Incorrect Behavior Order Affecting MariaDB/server package, versions [10.4.0,10.4.33)[10.5.0,10.5.24)[10.6.0,10.6.17)[10.7.1,10.11.7)[11.0.1,11.0.5)[11.1.1,11.1.4)

Q: How to fix?

Upgrade MariaDB/server to version 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4 or higher.

Threat Intelligence

Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-MARIADBSERVER-9376931
published10 Mar 2025
disclosed8 Mar 2025
creditjiaqi

Report a new vulnerability Found a mistake?

Introduced: 8 Mar 2025

NewCVE-2023-52968 (opens in a new tab) CWE-696 (opens in a new tab)

How to fix?

Upgrade MariaDB/server to version 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4 or higher.

Overview

Affected versions of this package are vulnerable to Incorrect Behavior Order due to calling fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared. An attacker can cause the application to crash by exploiting the sequence of calls that lead to find_field_in_table crashing.

PoC

CREATE TABLE t1 ( i int) WITH SYSTEM VERSIONING ;
SELECT * FROM (SELECT 1 FROM t1) FOR system_time AS OF now ca4;

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
High
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None