CVE-2021-46667

MEDIUM

MariaDB < 10.2.41 - Denial of Service via Integer Overflow in sql_lex.cc

Title source: llm
STIX 2.1

Description

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

References (6)

Core 6
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://jira.mariadb.org/browse/MDEV-26350
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220221-0002/
Vendor Advisory x_refsource_confirm
https://mariadb.com/kb/en/security/

Scores

CVSS v3 5.5
EPSS 0.0004
EPSS Percentile 11.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (4)
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
mariadb/mariadb < 10.2.41
Published Feb 01, 2022
Tracked Since Feb 18, 2026