CVE-2021-46661

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-46661

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46661.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-46661

Aliases

Downstream

ALPINE-CVE-2021-46661

BELL-CVE-2021-46661

DEBIAN-CVE-2021-46661

OESA-2022-1587

RHSA-2022:5759

RHSA-2022:5826

RHSA-2022:5948

RHSA-2022:6306

RHSA-2022:6443

RHSA-2023:6821

RLSA-2022:5826

RLSA-2022:5948

RLSA-2022:6443

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2022:0725-1

SUSE-SU-2022:0726-1

SUSE-SU-2022:0731-1

SUSE-SU-2022:0731-2

SUSE-SU-2022:0782-1

SUSE-SU-2022:2561-1

UBUNTU-CVE-2021-46661

USN-5305-1

openSUSE-SU-2022:0731-1

openSUSE-SU-2024:11867-1

Related

Published

2022-02-01T02:15:06.787Z

Modified

2026-02-07T05:23:16.053541Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression (CTE).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type: GIT
Repo: https://github.com/mariadb/server
Events: Introduced

7c7f9bef28aa566557da31402142f6dd8298ddd2

Fixed

08d43f357b310e015dd58ba5dab7331e89483ba4

Introduced

c761b43451d54eeeecdf3c102906fcce88d4e9d9

Fixed

25ebbdfd85ab3b96a20adfb762fa1e608aace26b

Fixed

2aa8e7d6db3bcb0019d23882d29251d8969fbe61

Introduced

9664240c948a92c22ccda0e1f5a420eb776ddcb1

Fixed

3a52569499e2f0c4d1f25db1e81617a9d9755400

Introduced

20ae591abd0bfe1bfaee546989ee163f4ef832b1

Fixed

a36fc80aeb3f835fad02f443d65dc608b74b92d1

Introduced

1a647b700f6b72dc97211510a5d0c647d5d3d911

Fixed

e608e40c239c30a2ec65db6034c0f8685e66840b

Affected versions

mariadb-10.*

mariadb-10.1.44

mariadb-10.1.45

mariadb-10.1.46

mariadb-10.1.47

mariadb-10.2.30

mariadb-10.2.31

mariadb-10.2.32

mariadb-10.2.33

mariadb-10.2.34

mariadb-10.2.35

mariadb-10.2.36

mariadb-10.2.37

mariadb-10.2.38

mariadb-10.2.39

mariadb-10.2.40

mariadb-10.2.41

mariadb-10.2.42

mariadb-10.5.0

mariadb-5.*

mariadb-5.5.67

mariadb-5.5.68

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
        "id": "CVE-2021-46661-84206f5b",
        "target": {
            "file": "sql/sql_lex.cc"
        },
        "digest": {
            "line_hashes": [
                "98111117393566517679651759304023085372",
                "304938594711446698139907843226650211733",
                "276479549989744167816865099922120078879",
                "270219840002247898028875582953023464708"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
        "id": "CVE-2021-46661-d4dba36e",
        "target": {
            "file": "sql/sql_lex.cc",
            "function": "st_select_lex::optimize_unflattened_subqueries"
        },
        "digest": {
            "function_hash": "165020614219671822891384418769980927498",
            "length": 1922.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46661.json"