MariaDB Server / MDEV-36574

A NULL pointer dereference on tmp_table->file when computing keyuse->ref_table_rows, located in sql/sql_select.cc at line 7687

Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 11.4.0, 11.8
    • Fix Version/s: N/A
    • Component/s: Optimizer
    • Labels: None
    • Environment: ubuntu20.04,x86
    • Not for Release Notes

    Description

      This vulnerability occurs in MariaDB's optimize_keyuse function, located in sql/sql_select.cc at line 7687. A segmentation fault (SIGSEGV) is triggered due to a NULL pointer dereference on tmp_table->file when computing keyuse->ref_table_rows. The issue arises during the join optimization phase, where insufficient null checks on temporary table references can lead to a crash. An attacker can exploit this flaw to cause a denial-of-service (DoS) via specially crafted SQL queries.

            People

              Assignee: Sergei Petrunia (psergei)
              Reporter: yx
              Votes: 0
              Watchers: 5