{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-52970", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-03T19:28:54.835Z", "dateReserved": "2025-03-08T00:00:00.000Z", "datePublished": "2025-03-08T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "MariaDB", "vendor": "MariaDB", "versions": [{"lessThan": "10.5.*", "status": "affected", "version": "10.4", "versionType": "custom"}, {"lessThan": "10.6.*", "status": "affected", "version": "10.6", "versionType": "custom"}, {"lessThan": "10.11.*", "status": "affected", "version": "10.7", "versionType": "custom"}, {"lessThan": "11.0.*", "status": "affected", "version": "11.0", "versionType": "custom"}, {"lessThan": "11.4.*", "status": "affected", "version": "11.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1038", "description": "CWE-1038 Insecure Automated Optimizations", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-09T21:51:34.624Z"}, "references": [{"url": "https://jira.mariadb.org/browse/MDEV-32086"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T14:51:41.279300Z", "id": "CVE-2023-52970", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T15:30:48.105Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:28:54.835Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:28:54.835Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52970", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T14:51:41.279300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T15:30:43.822Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "MariaDB", "product": "MariaDB", "versions": [{"status": "affected", "version": "10.4", "lessThan": "10.5.*", "versionType": "custom"}, {"status": "affected", "version": "10.6", "lessThan": "10.6.*", "versionType": "custom"}, {"status": "affected", "version": "10.7", "lessThan": "10.11.*", "versionType": "custom"}, {"status": "affected", "version": "11.0", "lessThan": "11.0.*", "versionType": "custom"}, {"status": "affected", "version": "11.1", "lessThan": "11.4.*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://jira.mariadb.org/browse/MDEV-32086"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1038", "description": "CWE-1038 Insecure Automated Optimizations"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-09T21:51:34.624Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52970", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:28:54.835Z", "dateReserved": "2025-03-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-08T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."}, {"lang": "es", "value": "MariaDB Server 10.4 a 10.5.*, 10.6 a 10.6.*, 10.7 a 10.11.*, 11.0 a 11.0.* y 11.1 a 11.4.* se bloquea en Item_direct_view_ref::derived_field_transformer_for_where."}], "id": "CVE-2023-52970", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-08T23:15:14.527", "references": [{"source": "cve@mitre.org", "url": "https://jira.mariadb.org/browse/MDEV-32086"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1038"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "mariadb: MariaDB Server Crash via Item_direct_view_ref", "id": "2350918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350918"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1038", "details": ["MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.", "A flaw was found in MariaDB Server. This vulnerability may allow an attacker to crash the database via Item_direct_view_ref::derived_field_transformer_for_where."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52970", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52970\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52970\nhttps://jira.mariadb.org/browse/MDEV-32086"], "threat_severity": "Moderate"}

{"created": "2025-07-12T15:42:36.045809+00:00", "updated": "2025-07-12T15:42:36.045902+00:00", "vendors": ["mariadb", "mariadb$PRODUCT$mariadb"]}