Fluid Attacks Database

Description

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	mariadb-10.5	=1:10.5.11-1 \|\| =1:10.5.12-0+deb11u1 \|\| =1:10.5.12-1 \|\| =1:10.5.13-0+deb11u1 \|\| =1:10.5.15-0+deb11u1 \|\| >=0 <1:10.5.18-0+deb11u1	1:10.5.18-0+deb11u1
rpm rhel9	mariadb	<3:10.5.16-2.el9_0	3:10.5.16-2.el9_0
rpm rhel8	mariadb	<3:10.3.35-1.module+el8.6.0+15949+4ba4ec26	3:10.3.35-1.module+el8.6.0+15949+4ba4ec26
rpm rhel7	mariadb	-	-

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.