CVE-2021-46657

Summary

CVE	CVE-2021-46657
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-01-29 23:15:00 UTC
Updated	2022-07-12 17:42:00 UTC
Description	get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mariadb	Mariadb	All	All	All	All
Application	Mariadb	Mariadb	All	All	All	All
Application	Mariadb	Mariadb	All	All	All	All
Application	Mariadb	Mariadb	All	All	All	All

References

Reference	Source	Link	Tags
[MDEV-25629] Crash in get_sort_by_table() in subquery with order by having outer ref - Jira	MISC	jira.mariadb.org
Security Vulnerabilities Fixed in MariaDB - MariaDB Knowledge Base	CONFIRM	mariadb.com
January 2022 MariaDB Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159765 Oracle Enterprise Linux Security Update for mariadb:10.3 (ELSA-2022-1556)
159775 Oracle Enterprise Linux Security Update for mariadb:10.5 (ELSA-2022-1557)
179917 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46657)
240162 Red Hat Update for rh-mariadb103-mariadb (RHSA-2022:1010)
240163 Red Hat Update for rh-mariadb105-mariadb (RHSA-2022:1007)
240239 Red Hat Update for mariadb:10.5 security (RHSA-2022:1557)
240255 Red Hat Update for mariadb:10.3 (RHSA-2022:1556)
240384 Red Hat Update for mariadb:10.3 (RHSA-2022:4818)
355322 Amazon Linux Security Advisory for mariadb : ALAS2-2023-2057
356265 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-003
377393 Alibaba Cloud Linux Security Update for mariadb:10.5 (ALINUX3-SA-2022:0034)
671836 EulerOS Security Update for mariadb (EulerOS-SA-2022-1902)
671866 EulerOS Security Update for mariadb (EulerOS-SA-2022-1939)
751802 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:0726-1)
751805 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:0725-1)
751808 OpenSUSE Security Update for mariadb (openSUSE-SU-2022:0731-1)
751811 OpenSUSE Security Update for mariadb (openSUSE-SU-2022:0725-1)
751812 OpenSUSE Security Update for mariadb (openSUSE-SU-2022:0726-1)
751841 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:0782-1)
753158 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:0731-1)
753364 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:2561-1)
900642 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (8433)
900999 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (8452-1)
940485 AlmaLinux Security Update for mariadb:10.3 (ALSA-2022:1556)
940488 AlmaLinux Security Update for mariadb:10.5 (ALSA-2022:1557)
960353 Rocky Linux Security Update for mariadb:10.5 (RLSA-2022:1557)
960427 Rocky Linux Security Update for mariadb:10.3 (RLSA-2022:1556)