Medium severity 6.5 · NVD Advisory · Published Apr 3, 2026 · Updated Jun 2, 2026
CVE-2026-35549
Description
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.
Affected products (15)
osv-coords, 13 versions:
- pkg:apk/chainguard/mariadb-10.11 (no CPE), range: < 0
- pkg:apk/chainguard/mariadb-10.6 (no CPE), range: < 0
- pkg:apk/wolfi/mariadb-10.11 (no CPE), range: < 0
- pkg:apk/wolfi/mariadb-10.6 (no CPE), range: < 0
- pkg:bitnami/mariadb (no CPE), range: < 11.4.10
- pkg:bitnami/mariadb-min (no CPE), range: < 11.4.10
- pkg:bitnami/mysql-client (no CPE), range: < 11.4.10
- pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 11.8.8-160000.1.1
- pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweed (no CPE), range: < 11.8.7-1.1
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE), range: < 11.8.8-150700.3.15.1
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7 (no CPE), range: < 11.8.8-150700.3.15.1
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 11.8.8-160000.1.1
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 11.8.8-160000.1.1
References (1)
- jira.mariadb.org/browse/MDEV-38365 (nvd, Issue Tracking)