An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. https://jira.mariadb.org/browse/MDEV-26047
Upstream commit: https://github.com/MariaDB/server/commit/5100b20b15edd93200f34a79d25f1b14e46a677e
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090831]
Created mariadb:10.5/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090832]
Created mariadb:10.3/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090833]
Created mariadb:10.4/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090834]
Created mariadb:10.6/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090839]
Created mariadb:10.7/mariadb tracking bugs for this issue: Affects: fedora-all [bug 2090845]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27384