{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-52969", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-03T19:28:53.463Z", "dateReserved": "2025-03-08T00:00:00.000Z", "datePublished": "2025-03-08T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "MariaDB", "vendor": "MariaDB", "versions": [{"lessThan": "10.5.*", "status": "affected", "version": "10.4", "versionType": "custom"}, {"lessThan": "10.6.*", "status": "affected", "version": "10.6", "versionType": "custom"}, {"lessThan": "10.11.*", "status": "affected", "version": "10.7", "versionType": "custom"}, {"lessThan": "11.0.*", "status": "affected", "version": "11.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1038", "description": "CWE-1038 Insecure Automated Optimizations", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-08T22:52:43.409Z"}, "references": [{"url": "https://jira.mariadb.org/browse/MDEV-32083"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T15:57:59.488189Z", "id": "CVE-2023-52969", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:58:06.577Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:28:53.463Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:28:53.463Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52969", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T15:57:59.488189Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:58:03.297Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "MariaDB", "product": "MariaDB", "versions": [{"status": "affected", "version": "10.4", "lessThan": "10.5.*", "versionType": "custom"}, {"status": "affected", "version": "10.6", "lessThan": "10.6.*", "versionType": "custom"}, {"status": "affected", "version": "10.7", "lessThan": "10.11.*", "versionType": "custom"}, {"status": "affected", "version": "11.0", "lessThan": "11.0.*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://jira.mariadb.org/browse/MDEV-32083"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1038", "description": "CWE-1038 Insecure Automated Optimizations"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-08T22:52:43.409Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52969", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:28:53.463Z", "dateReserved": "2025-03-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-08T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."}, {"lang": "es", "value": "MariaDB Server 10.4 a 10.5.*, 10.6 a 10.6.*, 10.7 a 10.11.* y 11.0 a 11.0.* a veces pueden fallar y el registro de seguimiento est\u00e1 vac\u00edo. Esto puede estar relacionado con make_aggr_tables_info y optimized_stage2."}], "id": "CVE-2023-52969", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-08T23:15:14.357", "references": [{"source": "cve@mitre.org", "url": "https://jira.mariadb.org/browse/MDEV-32083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1038"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "mariadb: MariaDB Server Crash Due to Empty Backtrace Log", "id": "2350916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350916"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1038", "details": ["MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.", "A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via an issue related to make_aggr_tables_info and optimize_stage2, resulting in an empty backtrace log."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52969", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52969\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52969\nhttps://jira.mariadb.org/browse/MDEV-32083"], "threat_severity": "Moderate"}

{"created": "2025-07-12T23:05:46.683765+00:00", "updated": "2025-07-12T23:05:46.683816+00:00", "vendors": ["mariadb", "mariadb$PRODUCT$mariadb"]}