CVE-2021-46668
- Source
- https://cve.org/CVERecord?id=CVE-2021-46668
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46668.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-46668
- Aliases
- Downstream
- Related
- Published
- 2022-02-01T02:15:07.127Z
- Modified
- 2026-04-16T00:02:03.710276089Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "34" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "35" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "36" } ] } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
- https://security.netapp.com/advisory/ntap-20220221-0002/
- https://jira.mariadb.org/browse/MDEV-25787
- https://mariadb.com/kb/en/security/
Affected packages
Git / github.com/mariadb/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "10.2.0" }, { "fixed": "10.2.43" }, { "introduced": "10.3.0" }, { "fixed": "10.3.34" }, { "introduced": "10.4.0" }, { "fixed": "10.4.24" }, { "introduced": "10.5.0" }, { "fixed": "10.5.15" }, { "introduced": "10.6.0" }, { "fixed": "10.6.7" }, { "introduced": "10.7.0" }, { "fixed": "10.7.3" } ] }
Affected versions
mariadb-10.*
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.30
mariadb-10.2.31
mariadb-10.2.39
mariadb-10.2.40
mariadb-10.2.42
mariadb-10.2.5
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.12
mariadb-10.3.16
mariadb-10.3.17
mariadb-10.3.18
mariadb-10.3.19
mariadb-10.3.2
mariadb-10.3.20
mariadb-10.3.21
mariadb-10.3.26
mariadb-10.3.30
mariadb-10.3.31
mariadb-10.3.33
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.4.10
mariadb-10.4.11
mariadb-10.4.20
mariadb-10.4.21
mariadb-10.4.22
mariadb-10.4.23
mariadb-10.4.3
mariadb-10.4.4
mariadb-10.4.5
mariadb-10.4.7
mariadb-10.4.9
mariadb-10.5.0
mariadb-10.5.11
mariadb-10.5.12
mariadb-10.5.13
mariadb-10.5.14
mariadb-10.5.2
mariadb-10.5.4
mariadb-10.6.0
mariadb-10.6.1
mariadb-10.6.2
mariadb-10.6.3
mariadb-10.6.4
mariadb-10.6.5
mariadb-10.6.6
mariadb-10.7.1
mariadb-10.7.2
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46668.json"
vanir_signatures_modified
"2026-04-12T05:16:05Z"
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
"id": "CVE-2021-46668-84206f5b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"98111117393566517679651759304023085372",
"304938594711446698139907843226650211733",
"276479549989744167816865099922120078879",
"270219840002247898028875582953023464708"
]
},
"deprecated": false,
"target": {
"file": "sql/sql_lex.cc"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://github.com/mariadb/server/commit/3a52569499e2f0c4d1f25db1e81617a9d9755400",
"id": "CVE-2021-46668-d4dba36e",
"digest": {
"function_hash": "165020614219671822891384418769980927498",
"length": 1922.0
},
"deprecated": false,
"target": {
"function": "st_select_lex::optimize_unflattened_subqueries",
"file": "sql/sql_lex.cc"
},
"signature_type": "Function"
}
]