MariaDB 10.7

mariadb: lack of validating the existence of an object prior to performing operations on the object

mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

mariadb: lack of proper validation of a user-supplied string before using it as a format specifier

mariadb: CONNECT storage engine heap-based buffer overflow

mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

mariadb: incorrect key in "dup value" error after long unique

mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order

mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

mariadb: assertion failure in sql/item_func.cc

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc

mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

mariadb: crash via component Item_subselect::init_expr_cache_tracker

mariadb: server crash in create_tmp_table::finalize

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

mariadb: use-after-poison in Binary_string::free_buffer

mariadb: assertion failure in compare_order_elements

mariadb: crash via window function in expression in ORDER BY

mariadb: assertion failure in sql/item_cmpfunc.cc

mariadb: crash when using HAVING with IS NULL predicate in an equality

mariadb: crash in multi-update and implicit grouping

mariadb: use-after-poison when complex conversion is involved in blob

mariadb: server crash at Field::set_default via specially crafted SQL statements

mariadb: assertion failures in decimal_bin_size

mariadb: server crash at my_decimal::operator=

mariadb: assertion failure in Item_args::walk_arg

mariadb: server crash in component arg_comparator::compare_real_fixed

mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc

mariadb: segmentation fault via the component sub_select

mariadb: server crash in JOIN_CACHE::free or in copy_fields

mariadb: server crash in Item_args::walk_args

mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

mariadb: server crash in st_select_lex_unit::exclude_level

mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

mariadb: server crash at Item_subselect::init_expr_cache_tracker

mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

mariadb: Crash executing query with VIEW, aggregate and subquery

mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements

mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

mariadb: compress_write() fails to release mutex on failure

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

mysql: C API unspecified vulnerability (CPU Oct 2022)