CVE-2023-52970: 
MariaDB Server 脆弱性の分析と軽減

MariaDB Server versions ranging from 10.4 through 11.4.* are affected by a vulnerability that causes crashes in the Item_direct_view_ref::derived_field_transformer_for_where component. The vulnerability was disclosed on March 8, 2025, and has been assigned identifier CVE-2023-52970 (CVE Details, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability is network-accessible, requires high privileges to exploit, needs no user interaction, and can result in high impact on availability while having no impact on confidentiality or integrity. The vulnerability is classified under CWE-1038 (Insecure Automated Optimizations) (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause the MariaDB Server to crash, potentially leading to service disruption. The CVSS scoring indicates there is no impact on data confidentiality or integrity (Snyk).

As of March 2025, there is no fixed version available for the affected MariaDB Server versions. The vulnerability affects versions 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4.* (Ubuntu Security).