[MDEV-36578] a null pointer dereference in the add_key_field function in sql/sql_select.cc at line 6559 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Cannot Reproduce
Affects Version/s: 11.4.0
Fix Version/s: N/A
Component/s: Optimizer
Labels:
None
Environment:
ubuntu20.04,x86

Bug Category:
Not for Release Notes

Description

This vulnerability in MariaDB originates from a null pointer dereference in the add_key_field function in sql/sql_select.cc at line 6559. The issue occurs when the possible_keys pointer is not validated before invoking stat[0].keys.merge(possible_keys), potentially leading to a segmentation fault when executing queries involving certain join conditions. This can be exploited to cause a denial-of-service (DoS) via crafted SQL inputs.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

gdbcheck_bug854.log
9 kB
2025-04-13 09:04
bug854.sql
0.4 kB
2025-05-25 12:35

Activity

People

Assignee:: Unassigned

Reporter:: yx

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-04-13 09:04

Updated:: 2025-06-17 18:16

Resolved:: 2025-06-17 18:16

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.