[MDEV-38365] SHA2 auth plugin crash on large packets - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 11.4, 11.8
Fix Version/s: 11.4.10, 11.8.6, 12.2.2
Component/s: Authentication and Privilege System
Labels:
- docs_ok
- docs_releasenotes

Bug Category:
Can result in hang or crash
Release Note Summary:
The authentication plugin caching_sha2_password can crash on large packets
Sprint:
Q1/2026 Server Maintenance

Description

plugin's auth() function sends the packet to sha256_crypt_r() which uses alloca() to get the buffer of the packet's size. If the packet is too big, this will exhaust the stack and crash

Reported by Pavel Kohout, Aisle Research.

Attachments

Issue Links

links to

CVE-2026-35549

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2025-12-17 21:19

Updated:: 2026-04-05 13:25

Resolved:: 2026-01-24 10:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.