wid-sec-w-2026-0972  ·  Published 2026-04-06  ·  View on BSI CERT-Bund ↗

MariaDB: Vulnerability allows Denial of Service

CVSS 6.5 MEDIUM

Risk Summary

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.
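The exposure conditions in the summary above can be checked mechanically. The following is an added example, not code from BSI or MariaDB: the function names, the result labels and the sample inputs are assumptions, and the plugin and account data would come from the server's own plugin list and account table.

```python
import re

# Affected ranges as stated in the advisory text, as [low, fixed) tuples.
AFFECTED_RANGES = [
    ((0, 0, 0), (11, 4, 10)),   # before 11.4.10
    ((11, 5, 0), (11, 8, 6)),   # 11.5.x through 11.8.x before 11.8.6
    ((12, 0, 0), (12, 2, 2)),   # 12.x before 12.2.2
]
PLUGIN = "caching_sha2_password"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. '11.8.5-MariaDB-ubu2404'.

    Older servers prefix the handshake banner with '5.5.5-'; skip it.
    """
    m = re.match(r"\s*(?:5\.5\.5-)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def version_affected(text):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(text)
    return any(low <= v < fixed for low, fixed in AFFECTED_RANGES)


def assess(version, active_plugins, account_plugins):
    """Classify a server as 'not-affected', 'affected-version' or 'exposed'.

    active_plugins:  set of plugin names installed on the server
    account_plugins: mapping of account name -> authentication plugin
    """
    if not version_affected(version):
        return "not-affected"
    users = [a for a, p in account_plugins.items() if p == PLUGIN]
    if PLUGIN in active_plugins and users:
        return "exposed"            # both conditions from the summary hold
    return "affected-version"       # vulnerable build, plugin not in use


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    accounts = {"app@%": PLUGIN, "root@localhost": "unix_socket"}
    for banner in ("11.4.9-MariaDB", "11.8.6-MariaDB-log", "12.2.1-MariaDB"):
        print(banner, assess(banner, {PLUGIN}, accounts))
```

A result of `affected-version` still calls for the upgrade; it only means the crash condition described above is not currently reachable through a configured account.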

CVEs (1)

Affected Vendors

MariaDB
Microsoft

Affected Products (7)

MariaDB · MariaDB <11.4.10
MariaDB · MariaDB 11.4.10
MariaDB · MariaDB <11.8.6
MariaDB · MariaDB 11.8.6
MariaDB · MariaDB <12.2.2
MariaDB · MariaDB 12.2.2
Microsoft · Azure Linux azl3
