
MariaDB Server 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities



The remote database server is affected by multiple denial of service vulnerabilities.


MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.36, and is therefore likely to contain the following denial of service vulnerabilities:

- Null-pointer dereference when handling a specially crafted SELECT statement with subqueries (this requires the 'materialization' and 'semijoin' optimizer switches to be on).

- DoS vulnerability when handling KILL QUERY statements with certain concurrent SQL queries.

- DoS vulnerability when parsing a specially crafted NAME_CONST expression containing AND/OR expressions.

- DoS vulnerability due to an assertion failure when parsing a specially crafted SELECT expression containing an invalid GROUP BY value.

- DoS vulnerability when handling a specially crafted SELECT expression with JOIN phrases (successful exploitation requires 'sql_mode' to be set to 'ONLY_FULL_GROUP_BY').

- DoS vulnerability when handling concurrent UPDATE statements.

- Other attacks may be possible.


Upgrade to version 5.5.36, or higher, to address these vulnerabilities.
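The version test and the two configuration preconditions above can be checked from the output of `SELECT VERSION(), @@optimizer_switch, @@sql_mode`. The following is an added example, not part of the original advisory or of any scanner's code; the function names and sample values are constructed for illustration. It also handles the `5.5.5-` prefix that MariaDB 10.x handshake banners can carry, which a naive comparison would misread as an affected 5.5.x release.

```python
import re

FIXED = (5, 5, 36)  # first fixed release named in the advisory


def parse_mariadb_version(banner):
    """Return (major, minor, patch) for a MariaDB banner, or None if not MariaDB."""
    if "mariadb" not in banner.lower():
        return None
    # MariaDB 10.x handshake banners can carry a "5.5.5-" compatibility prefix.
    banner = re.sub(r"^5\.5\.5-(?=\d+\.\d+\.\d+)", "", banner)
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def triage(banner, optimizer_switch, sql_mode):
    """Classify a server from its version banner, @@optimizer_switch and @@sql_mode."""
    ver = parse_mariadb_version(banner)
    affected = ver is not None and ver[:2] == (5, 5) and ver < FIXED
    # optimizer_switch looks like "index_merge=on,materialization=on,semijoin=on,..."
    switches = dict(kv.split("=", 1) for kv in optimizer_switch.split(",") if "=" in kv)
    modes = {m.strip().upper() for m in sql_mode.split(",") if m.strip()}
    return {
        "version": ver,
        # The remaining listed issues have no stated configuration precondition.
        "affected": affected,
        "subquery_precondition": affected
        and switches.get("materialization") == "on"
        and switches.get("semijoin") == "on",
        "join_precondition": affected and "ONLY_FULL_GROUP_BY" in modes,
    }


if __name__ == "__main__":
    # Constructed sample rows: (VERSION() or banner, @@optimizer_switch, @@sql_mode)
    samples = [
        ("5.5.35-MariaDB-log", "index_merge=on,materialization=on,semijoin=on",
         "ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES"),
        ("5.5.30-MariaDB", "materialization=off,semijoin=on", ""),
        ("5.5.5-10.1.48-MariaDB", "materialization=on,semijoin=on", ""),
    ]
    for row in samples:
        print(row[0], triage(*row))
```

Turning the optimizer switches or the SQL mode off only removes the precondition for the two issues that name one; the upgrade to 5.5.36 or later is still required for the rest.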