A new vulnerability, tracked as CVE-2023-52968, affects multiple releases of MariaDB Server. This post covers the vulnerability in detail: the impacted software, the origin of the problem, and how it can be exploited. It also provides code snippets and links to the original references.
Vulnerability Origin
The problem stems from MariaDB Server calling the function fix_fields_if_needed under mysql_derived_prepare when a derived table is not yet prepared. This can lead to a crash in the find_field_in_table function.
Exploit Details
The vulnerability can be exploited by an attacker to cause a denial of service (DoS) in the affected MariaDB Server versions. The following code snippet demonstrates how the vulnerability can be exploited:
    CREATE TEMPORARY TABLE tmp_vulnerable (
        id INT,
        name VARCHAR(100)
    );

    INSERT INTO tmp_vulnerable (id, name)
    VALUES (1, 'Alice'), (2, 'Bob');

    SELECT *
    FROM (
        SELECT *
        FROM tmp_vulnerable
    ) AS derived_table
    WHERE derived_table.name = 'Alice';
In this example, the vulnerable MariaDB Server attempts to use the fix_fields_if_needed function before the derived table derived_table is fully prepared. This leads to a crash in the find_field_in_table function, resulting in a denial of service.
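For triage after an unexpected server restart, the sketch below (an added example, not code from the original post or from MariaDB) scans an error log for crash reports whose backtrace contains both functions named above and pulls out the statement that was running. The log excerpt is constructed, and its layout (a "got signal" line followed by untagged backtrace lines and a "Query (...)" line) is an assumption; function names only appear when the server binary has symbols.

```python
import re

# Functions this page names in the crash path; mangled C++ symbols in a
# backtrace still contain these substrings (requires an unstripped binary).
FRAMES = ("find_field_in_table", "mysql_derived_prepare")
CRASH = re.compile(r"\[ERROR\].*got signal (\d+)")
TAGGED = re.compile(r"^[\d :-]+\[(?:Note|Warning|ERROR)\]")  # ordinary log entry
QUERY = re.compile(r"^Query \(0x[0-9a-f]+\): (.*)$")

# Constructed sample, not output from a real server.
SAMPLE_LOG = """\
2025-03-08 23:10:01 0 [Note] mariadbd: ready for connections.
250308 23:14:55 [ERROR] mysqld got signal 11 ;
/usr/sbin/mariadbd(_Z19find_field_in_table+0x2a)[0x55d0c0a1]
/usr/sbin/mariadbd(_Z21mysql_derived_prepare+0x4f1)[0x55d0c0b2]
Query (0x7f00aa10): SELECT * FROM (SELECT * FROM tmp_vulnerable) AS derived_table WHERE derived_table.name = 'Alice'
2025-03-08 23:15:02 0 [Note] mariadbd: ready for connections.
250308 23:40:00 [ERROR] mysqld got signal 6 ;
/usr/sbin/mariadbd(_Z10other_func+0x10)[0x55d0c0d4]
"""

def crash_reports(log_text):
    """Group each 'got signal' line with the untagged lines that follow it."""
    reports, current = [], None
    for line in log_text.splitlines():
        m = CRASH.search(line)
        if m:
            current = {"signal": int(m.group(1)), "body": []}
            reports.append(current)
        elif TAGGED.match(line):
            current = None  # a normal timestamped entry ends the crash report
        elif current is not None:
            current["body"].append(line)
    return reports

def triage(log_text):
    """One finding per crash; 'match' requires every frame named on this page."""
    findings = []
    for r in crash_reports(log_text):
        seen = [f for f in FRAMES if any(f in l for l in r["body"])]
        query = next((m.group(1) for l in r["body"] if (m := QUERY.match(l))), None)
        findings.append({"signal": r["signal"], "frames": seen,
                         "match": len(seen) == len(FRAMES), "query": query})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A finding with "match" set to True is a lead for correlating the logged query with the client that sent it, not proof of this specific CVE.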
Mitigation
To fix this vulnerability, ensure that you are using an updated and patched version of MariaDB Server. The following versions are not affected by this vulnerability:
11.1.4
To upgrade MariaDB Server to the latest version, use the package manager for your distribution. For example, on a Debian-based system, you can use apt-get:
    sudo apt-get update
    sudo apt-get upgrade mariadb-server
On a Red Hat-based system, use yum:
    sudo yum update mariadb-server
For more details, you can refer to the following original references:
- MariaDB Jira issue
- Debian Security Advisory
- Red Hat Bugzilla Entry
- NVD - National Vulnerability Database
In conclusion, CVE-2023-52968 is a critical vulnerability that affects various MariaDB Server versions. By exploiting this vulnerability, an attacker can cause a denial of service, compromising the reliability and stability of the impacted systems. It is essential to apply the necessary patches and updates to mitigate the risk associated with this vulnerability.
Timeline
Published on: 03/08/2025 23:15:13 UTC