Bug 2350916 (CVE-2023-52969)

Summary: CVE-2023-52969 mariadb: MariaDB Server Crash Due to Empty Backtrace Log
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mschorm
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via an issue related to make_aggr_tables_info and optimize_stage2, resulting in an empty backtrace log.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2351039, 2351040    
Bug Blocks:    

Description OSIDB Bzimport 2025-03-08 23:00:58 UTC 
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
Comment 2 Michal Schorm 2025-06-16 14:10:22 UTC 
MariaDB upstream claims this CVE to be fixed in:
  MariaDB 10.5.29
  MariaDB 10.11.12
  MariaDB 11.4.6

https://mariadb.com/kb/en/security/

--

MariaDB versions currently present in RHEL:
  RHEL 10.0:  10.11.11
  RHEL 9.5.Z: 10.11.10
              10.5.27
  RHEL 8.10.Z 10.5.27