{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-52971", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-08T22:54:37.997Z", "dateReserved": "2025-03-08T00:00:00.000Z", "datePublished": "2025-03-08T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "MariaDB", "vendor": "MariaDB", "versions": [{"lessThan": "10.11.*", "status": "affected", "version": "10.10", "versionType": "custom"}, {"lessThan": "11.4.*", "status": "affected", "version": "11.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1038", "description": "CWE-1038 Insecure Automated Optimizations", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-08T22:54:37.997Z"}, "references": [{"url": "https://jira.mariadb.org/browse/MDEV-32084"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}]}}, "dataVersion": "5.1"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."}], "id": "CVE-2023-52971", "lastModified": "2025-03-08T23:15:14.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-08T23:15:14.683", "references": [{"source": "cve@mitre.org", "url": "https://jira.mariadb.org/browse/MDEV-32084"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1038"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "mariadb: MariaDB Server Crash", "id": "2350917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350917"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1038", "details": ["MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.", "A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via improper handling of join operations in JOIN::fix_all_splittings_in_plan."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52971", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52971\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52971\nhttps://jira.mariadb.org/browse/MDEV-32084"], "threat_severity": "Moderate"}