MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression (CTE).
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "sql/sql_lex.cc" }, "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400", "digest": { "line_hashes": [ "98111117393566517679651759304023085372", "304938594711446698139907843226650211733", "276479549989744167816865099922120078879", "270219840002247898028875582953023464708" ], "threshold": 0.9 }, "id": "CVE-2021-46661-84206f5b", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "target": { "function": "st_select_lex::optimize_unflattened_subqueries", "file": "sql/sql_lex.cc" }, "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400", "digest": { "function_hash": "165020614219671822891384418769980927498", "length": 1922.0 }, "id": "CVE-2021-46661-d4dba36e", "signature_version": "v1", "signature_type": "Function" } ] }