CVE-2023-52970 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
mitre	CNA	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
mariadb	mariadb	10.4 ≤ 𝑥 < 10.6.0	CNA
mariadb	mariadb	10.6 ≤ 𝑥 < 10.7.0	CNA
mariadb	mariadb	10.7 ≤ 𝑥 < 10.12.0	CNA
mariadb	mariadb	11.0 ≤ 𝑥 < 11.1.0	CNA
mariadb	mariadb	11.1 ≤ 𝑥 < 11.5.0	CNA

openSUSE / SLES Releases

openSUSE Product

Release

libmariadbd-devel

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

libmariadbd19

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

mariadb

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

mariadb-client

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

mariadb-errormessages

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

mariadb-tools

suse enterprise sap 15 SP6	10.11.14-150600.4.14.1 fixed
suse enterprise server 15 SP3	10.5.29-150300.3.55.1 fixed
suse enterprise server 15 SP4	10.6.23-150400.3.40.1 fixed
suse enterprise server 15 SP6	10.11.14-150600.4.14.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

galera

RHEL 9

0:26.4.22-1.el9_6

fixed

mariadb

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-backup

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-common

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-devel

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-embedded

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-embedded-devel

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-errmsg

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-gssapi-server

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-oqgraph-engine

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-pam

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-server

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-server-galera

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-server-utils

RHEL 9

3:10.5.29-2.el9_6

fixed

mariadb-test

RHEL 9

3:10.5.29-2.el9_6

fixed

Common Weakness Enumeration

CWE-1038 - Insecure Automated Optimizations
The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

References

https://jira.mariadb.org/browse/MDEV-32086

https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html