{ "threat_severity" : "Moderate", "public_date" : "2025-03-08T00:00:00Z", "bugzilla" : { "description" : "mariadb: MariaDB Server Crash Due to Empty Backtrace Log", "id" : "2350916", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2350916" }, "cvss3" : { "cvss3_base_score" : "4.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1038", "details" : [ "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.", "A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via an issue related to make_aggr_tables_info and optimize_stage2, resulting in an empty backtrace log." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-01-06T00:00:00Z", "advisory" : "RHSA-2026:0136", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "mariadb10.11-3:10.11.15-1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-01-08T00:00:00Z", "advisory" : "RHSA-2026:0376", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "mariadb10.11-3:10.11.15-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19572", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mariadb:10.5-8100020251001104911.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6435", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mariadb:10.11-8100020260219154532.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19584", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "galera-0:26.4.22-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19584", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "mariadb-3:10.5.29-2.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-07T00:00:00Z", "advisory" : "RHSA-2026:0247", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "mariadb:10.11-9070020251202135752.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-01-08T00:00:00Z", "advisory" : "RHSA-2026:0335", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "mariadb:10.11-9040020251210090406.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-08T00:00:00Z", "advisory" : "RHSA-2026:0334", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "mariadb:10.11-9060020251210150813.rhel9" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "mariadb", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mariadb:10.3/mariadb", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52969\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52969\nhttps://jira.mariadb.org/browse/MDEV-32083" ], "name" : "CVE-2023-52969", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }