CVE-2021-46661

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-46661

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46661.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-46661

Aliases

Downstream

ALPINE-CVE-2021-46661

DEBIAN-CVE-2021-46661

OESA-2022-1587

RHSA-2022:5759

RHSA-2022:5826

RHSA-2022:5948

RHSA-2022:6306

RHSA-2022:6443

RHSA-2023:6821

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2022:0725-1

SUSE-SU-2022:0726-1

SUSE-SU-2022:0731-1

SUSE-SU-2022:0731-2

SUSE-SU-2022:0782-1

SUSE-SU-2022:2561-1

UBUNTU-CVE-2021-46661

USN-5305-1

openSUSE-SU-2022:0731-1

openSUSE-SU-2024:11867-1

Related

Published

2022-02-01T02:15:06Z

Modified

2025-10-15T13:52:46.569688Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression (CTE).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type: GIT
Repo: https://github.com/mariadb/server
Events: Introduced

9664240c948a92c22ccda0e1f5a420eb776ddcb1

Fixed

3a52569499e2f0c4d1f25db1e81617a9d9755400

Affected versions

mariadb-10.*

mariadb-10.0.25

mariadb-10.0.26

mariadb-10.0.27

mariadb-10.0.28

mariadb-10.0.29

mariadb-10.0.30

mariadb-10.0.31

mariadb-10.0.32

mariadb-10.0.33

mariadb-10.0.34

mariadb-10.0.35

mariadb-10.0.36

mariadb-10.0.37

mariadb-10.0.38

mariadb-10.1.14

mariadb-10.1.15

mariadb-10.1.16

mariadb-10.1.17

mariadb-10.1.18

mariadb-10.1.19

mariadb-10.1.20

mariadb-10.1.21

mariadb-10.1.22

mariadb-10.1.23

mariadb-10.1.24

mariadb-10.1.25

mariadb-10.1.26

mariadb-10.1.27

mariadb-10.1.28

mariadb-10.1.29

mariadb-10.1.30

mariadb-10.1.31

mariadb-10.1.32

mariadb-10.1.33

mariadb-10.1.34

mariadb-10.1.35

mariadb-10.1.36

mariadb-10.1.37

mariadb-10.1.38

mariadb-10.1.39

mariadb-10.1.40

mariadb-10.1.41

mariadb-10.1.42

mariadb-10.1.43

mariadb-10.1.44

mariadb-10.1.45

mariadb-10.1.46

mariadb-10.1.47

mariadb-10.2.0

mariadb-10.2.1

mariadb-10.2.10

mariadb-10.2.11

mariadb-10.2.12

mariadb-10.2.13

mariadb-10.2.14

mariadb-10.2.15

mariadb-10.2.16

mariadb-10.2.17

mariadb-10.2.18

mariadb-10.2.19

mariadb-10.2.2

mariadb-10.2.20

mariadb-10.2.21

mariadb-10.2.22

mariadb-10.2.23

mariadb-10.2.24

mariadb-10.2.25

mariadb-10.2.26

mariadb-10.2.27

mariadb-10.2.28

mariadb-10.2.29

mariadb-10.2.3

mariadb-10.2.30

mariadb-10.2.31

mariadb-10.2.32

mariadb-10.2.33

mariadb-10.2.34

mariadb-10.2.35

mariadb-10.2.36

mariadb-10.2.37

mariadb-10.2.38

mariadb-10.2.39

mariadb-10.2.4

mariadb-10.2.40

mariadb-10.2.41

mariadb-10.2.42

mariadb-10.2.5

mariadb-10.2.6

mariadb-10.2.7

mariadb-10.2.8

mariadb-10.2.9

mariadb-5.*

mariadb-5.5.49

mariadb-5.5.50

mariadb-5.5.51

mariadb-5.5.52

mariadb-5.5.53

mariadb-5.5.54

mariadb-5.5.55

mariadb-5.5.56

mariadb-5.5.57

mariadb-5.5.58

mariadb-5.5.59

mariadb-5.5.60

mariadb-5.5.61

mariadb-5.5.62

mariadb-5.5.63

mariadb-5.5.64

mariadb-5.5.65

mariadb-5.5.66

mariadb-5.5.67

mariadb-5.5.68

mariadb-galera-10.*

mariadb-galera-10.0.25

mariadb-galera-10.0.26

mariadb-galera-10.0.27

mariadb-galera-10.0.28

mariadb-galera-10.0.29

mariadb-galera-10.0.30

mariadb-galera-10.0.31

mariadb-galera-10.0.32

mariadb-galera-10.0.33

mariadb-galera-10.0.34

mariadb-galera-10.0.35

mariadb-galera-10.0.36

mariadb-galera-10.0.37

mariadb-galera-5.*

mariadb-galera-5.5.49

mariadb-galera-5.5.50

mariadb-galera-5.5.51

mariadb-galera-5.5.52

mariadb-galera-5.5.53

mariadb-galera-5.5.54

mariadb-galera-5.5.55

mariadb-galera-5.5.56

mariadb-galera-5.5.57

mariadb-galera-5.5.58

mariadb-galera-5.5.59

mariadb-galera-5.5.60

mariadb-galera-5.5.61

mariadb-galera-5.5.62

mysql-5.*

mysql-5.5.49

mysql-5.5.50

mysql-5.5.51

mysql-5.5.52

mysql-5.5.53

mysql-5.5.54

mysql-5.5.55

mysql-5.5.56

mysql-5.5.57

mysql-5.5.58

mysql-5.5.59

mysql-5.5.60

mysql-5.5.61

mysql-5.5.62

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "98111117393566517679651759304023085372",
                "304938594711446698139907843226650211733",
                "276479549989744167816865099922120078879",
                "270219840002247898028875582953023464708"
            ]
        },
        "id": "CVE-2021-46661-84206f5b",
        "target": {
            "file": "sql/sql_lex.cc"
        },
        "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "165020614219671822891384418769980927498",
            "length": 1922.0
        },
        "id": "CVE-2021-46661-d4dba36e",
        "target": {
            "function": "st_select_lex::optimize_unflattened_subqueries",
            "file": "sql/sql_lex.cc"
        },
        "source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false
    }
]