A recently discovered vulnerability in MariaDB Server has been assigned the identifier CVE-2023-52971. It affects versions 10.10 through 10.11.* and 11. through 11.4.* and can result in a server crash in the JOIN::fix_all_splittings_in_plan function. This post aims to provide details about the exploit, references to original reports, and code snippets for better understanding.
Background on MariaDB Server
MariaDB Server is an open-source relational database management system that is widely used for its performance and scalability. It is developed and maintained by the MariaDB Foundation, which is committed to ensuring its continued growth and development.
Original References
The vulnerability was first reported to the MariaDB Foundation in March 2023 (reference #1). Further discussions and updates on this issue can be found in the MariaDB Mailing List Archives (reference #2).
Exploit Details
CVE-2023-52971 manifests as a server crash within the JOIN::fix_all_splittings_in_plan function. The crash can occur when a user submits a specially crafted SQL query, which brings the server down while it is being processed. In the affected versions of MariaDB Server, the query optimizer fails to handle the case in which a join execution plan needs to be split into multiple parts.
Potential Impact
This vulnerability can allow attackers to cause a denial of service (DoS) by repeatedly crashing the MariaDB Server instance. This can lead to disruption of services and, subsequently, loss of data and other critical resources.
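One way to check whether a server has already been hit is to scan its error log for crash reports whose backtrace names JOIN::fix_all_splittings_in_plan. The script below is an added example, not code from the original post or from MariaDB. The log lines are constructed samples, and the crash-report layout ("got signal" line, backtrace frames, "Query (0x...)" line) is an assumption about how the error log is written.

```python
import re

# Function named in the post; appears demangled or inside a mangled symbol.
CRASH_FUNC = "fix_all_splittings_in_plan"
# First line of a crash report (assumed layout: "<time> [ERROR] <binary> got signal N").
SIGNAL_RE = re.compile(r"^(?P<when>.*?)\s*\[ERROR\] \S+ got signal (?P<sig>\d+)")
# Line carrying the statement that was executing when the server died.
QUERY_RE = re.compile(r"^Query \(0x[0-9a-fA-F]+\): (?P<q>.*)")

# Constructed sample log: addresses, times and frames are made up.
SAMPLE_LOG = """\
2025-03-01 10:00:01 0 [Note] mariadbd: ready for connections.
250301 10:14:22 [ERROR] mysqld got signal 11 ;
Thread pointer: 0x7f00a8000c68
/usr/sbin/mariadbd(JOIN::fix_all_splittings_in_plan()+0x5a)[0x55d0c0ffee5a]
Query (0x7f00a8010a20): SELECT * FROM table1 JOIN table2 ON table1.id = table2.id
250301 10:20:05 [ERROR] mysqld got signal 11 ;
/usr/sbin/mariadbd(_ZN4JOIN26fix_all_splittings_in_planEv+0x5a)[0x55d0c0ffee5a]
Query (0x7f00a8010b30): SELECT 1
250301 11:02:40 [ERROR] mysqld got signal 6 ;
/usr/sbin/mariadbd(my_print_stacktrace+0x2e)[0x55d0c0aaaa2e]
Query (0x7f00a8010c40): SELECT 'fix_all_splittings_in_plan'
"""

def find_crashes(log_text):
    """Return one dict per crash report whose backtrace names CRASH_FUNC."""
    reports, cur = [], None
    for line in log_text.splitlines():
        m = SIGNAL_RE.match(line)
        if m:  # a new crash report starts here
            cur = {"when": m["when"], "signal": int(m["sig"]),
                   "hit": False, "query": None}
            reports.append(cur)
            continue
        if cur is None:
            continue  # ordinary log line before any crash
        q = QUERY_RE.match(line)
        if q:
            # Query text is attacker-controlled: record it, never match on it.
            cur["query"] = q["q"][:200]
        elif CRASH_FUNC in line:
            cur["hit"] = True
    return [r for r in reports if r["hit"]]

if __name__ == "__main__":
    hits = find_crashes(SAMPLE_LOG)
    for h in hits:
        print(h["when"], "signal", h["signal"], "query:", h["query"])
    print(len(hits), "crash(es) match; repeated hits suggest the DoS described above")
```

The third report in the sample is deliberately excluded: the function name appears only in the query text, not in a backtrace frame.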
Code Snippet
The following is a simplified example of a SQL query that may trigger the CVE-2023-52971 vulnerability:
SELECT * FROM table1
JOIN table2 ON table1.id = table2.id
JOIN table3 ON table2.id = table3.id
WHERE table1.column1 = 'value1' AND table2.column2 = 'value2'
GROUP BY table1.column3, table2.column4;
In this example, the server crash occurs when the query optimizer processes the JOIN clauses.
Mitigation and Patch
The MariaDB Foundation released patches to address this issue for all supported versions. You can find the patches and update instructions in the official MariaDB Server Release Notes:
- MariaDB Server 10.10.XX Release Notes
- MariaDB Server 10.11.XX Release Notes
- MariaDB Server 11..XX Release Notes
- MariaDB Server 11.4.XX Release Notes
Administrators are advised to update their MariaDB Server instances to the latest patched versions.
Summary
The CVE-2023-52971 vulnerability in MariaDB Server versions 10.10 through 10.11.* and 11. through 11.4.* poses a significant risk since it can enable attackers to cause server crashes and potentially disrupt services. This post has provided information about the exploit, links to the original report and references, and code snippets to illustrate the issue. To mitigate this vulnerability, administrators should update their MariaDB Server instances to the latest patched versions, as recommended by the MariaDB Foundation.
Timeline
Published on: 03/08/2025 23:15:14 UTC