CVE-2026-32710

Medienbericht

EPSS 0.1%
Veröffentlicht 20.03.2026 18:31:48
Zuletzt bearbeitet 31.03.2026 21:13:18
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Heap-based Buffer Overflow in MariaDB

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mariadb ≫ Mariadb Version >= 11.4.1 < 11.4.10

Mariadb ≫ Mariadb Version >= 11.8.1 < 11.8.6

Mariadb ≫ Mariadb Version12.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.267

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	8.5	1.8	6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html

Media Report

https://www.heise.de/news/Datenbankmanagementsystem-MariaDB-kann-crashen-oder-Schadcode-auf-Systeme-lassen-11224256.html

Media Report

https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc

Vendor Advisory

https://jira.mariadb.org/browse/MDEV-38356

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-32710

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32710

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32710

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32710