CWE-1038
Insecure Automated Optimizations
ClassDraftLikelihood: Low
Description
The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.
Hierarchy (View 1000)
CVEs mapped to this weakness (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52971 | Med | 0.32 | 4.9 | 0.00 | Mar 8, 2025 | MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. | |
| CVE-2023-52970 | Med | 0.32 | 4.9 | 0.00 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. | |
| CVE-2023-52969 | Med | 0.32 | 4.9 | 0.00 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. |