MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mariadb | Mariadb | 10.2.0 (including) | 10.2.43 (excluding) |
| Mariadb | Mariadb | 10.3.0 (including) | 10.3.34 (excluding) |
| Mariadb | Mariadb | 10.4.0 (including) | 10.4.24 (excluding) |
| Mariadb | Mariadb | 10.5.0 (including) | 10.5.15 (excluding) |
| Mariadb | Mariadb | 10.6.0 (including) | 10.6.7 (excluding) |
| Mariadb | Mariadb | 10.7.0 (including) | 10.7.3 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | mariadb:10.5-8060020220614163302.ad008a3a | * |
| Red Hat Enterprise Linux 8 | RedHat | mariadb:10.3-8060020220715055054.ad008a3a | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | mariadb:10.5-8040020231006044227.522a0ee4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | mariadb:10.5-8040020231006044227.522a0ee4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | mariadb:10.5-8040020231006044227.522a0ee4 | * |
| Red Hat Enterprise Linux 9 | RedHat | mariadb-3:10.5.16-2.el9_0 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-mariadb105-mariadb-3:10.5.16-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-mariadb103-mariadb-3:10.3.35-1.el7 | * |
| Mariadb-10.3 | Ubuntu | esm-apps/focal | * |
| Mariadb-10.3 | Ubuntu | focal | * |
| Mariadb-10.3 | Ubuntu | trusty | * |
| Mariadb-10.3 | Ubuntu | xenial | * |
| Mariadb-10.5 | Ubuntu | impish | * |
| Mariadb-10.5 | Ubuntu | trusty | * |
| Mariadb-10.5 | Ubuntu | xenial | * |
| Mariadb-10.6 | Ubuntu | esm-apps/jammy | * |
| Mariadb-10.6 | Ubuntu | jammy | * |
| Mariadb-10.6 | Ubuntu | kinetic | * |
| Mariadb-10.6 | Ubuntu | lunar | * |
| Mariadb-10.6 | Ubuntu | trusty | * |
| Mariadb-10.6 | Ubuntu | xenial | * |
Potential Mitigations
References
- https://jira.mariadb.org/browse/MDEV-25761
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
- https://mariadb.com/kb/en/security/
- https://security.netapp.com/advisory/ntap-20220221-0002/
- https://jira.mariadb.org/browse/MDEV-25761
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
- https://mariadb.com/kb/en/security/
- https://security.netapp.com/advisory/ntap-20220221-0002/