CVE-2021-46669

7.5 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in MariaDB's BIGINT data type handling that allows attackers to potentially crash the database server or execute arbitrary code. It affects MariaDB versions through 10.5.9. Database administrators running vulnerable versions should prioritize patching.

💻 Affected Systems

Products:
  • MariaDB
Versions: MariaDB through version 10.5.9
Operating Systems: All operating systems running affected MariaDB versions
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using BIGINT data types are potentially vulnerable. The vulnerability exists in the core database engine.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete database compromise, data theft, or server takeover.

🟠

Likely Case

Database server crash causing denial of service and potential data corruption.

🟢

If Mitigated

Limited impact with proper network segmentation and minimal attack surface exposure.

🌐 Internet-Facing: HIGH - MariaDB instances exposed to untrusted networks are vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The vulnerability requires specific BIGINT data type usage to trigger. No public exploit code has been identified, but the vulnerability is remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MariaDB 10.5.10 and later

Vendor Advisory: https://mariadb.com/kb/en/security/

Restart Required: Yes

Instructions:

1. Back up your database.
2. Stop the MariaDB service.
3. Upgrade to MariaDB 10.5.10 or later using your package manager.
4. Restart the MariaDB service.
5. Verify that the upgrade was successful.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to MariaDB to only trusted IP addresses and applications.

Configure firewall rules to limit access to the MariaDB port (default 3306).

Database User Privilege Reduction (applies to: all)

Minimize privileges for database users to reduce the attack surface.

REVOKE unnecessary privileges from database users.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to isolate MariaDB servers
  • Monitor for unusual database crashes or performance anomalies

🔍 How to Verify

Check if Vulnerable:

Check the MariaDB version: if it is 10.5.9 or earlier, the system is vulnerable.

Check Version:

mysql --version | grep -i mariadb

Verify Fix Applied:

Verify MariaDB version is 10.5.10 or later after patching.
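The version check above is easy to get wrong by hand: a string comparison puts "10.5.10" before "10.5.9". The script below is an added example (not part of this advisory or of the MariaDB project) that parses the `mysql --version` banner and applies the advisory's rule literally, treating 10.5.9 and earlier as vulnerable and 10.5.10 and later as fixed; for release series other than 10.5, consult the vendor advisory linked above. All banner strings in it are constructed samples.

```shell
#!/bin/sh
# Added example, not from the advisory: parse a MariaDB client banner and
# apply the advisory's rule (10.5.9 or earlier vulnerable, 10.5.10+ fixed).

# Pull the dotted version out of a banner such as
#   "mysql  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using readline 5.1"
# (constructed sample). A space is prepended so the version is always preceded
# by a non-digit, which keeps the greedy ".*" from eating the first digit.
# Prints nothing if the string does not carry an "X.Y.Z-MariaDB" token.
extract_mariadb_version() {
    printf ' %s\n' "$1" | sed -n 's/.*[^0-9.]\([0-9][0-9.]*\)-MariaDB.*/\1/p'
}

# Return 0 if the version is in the advisory's vulnerable range (<= 10.5.9),
# 1 otherwise. Components are compared as integers, so 10.5.10 sorts after
# 10.5.9; a plain string compare would get that backwards.
version_is_vulnerable() {
    ver=$1
    oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 10 ] && return 0
    [ "$maj" -gt 10 ] && return 1
    [ "$min" -lt 5 ] && return 0
    [ "$min" -gt 5 ] && return 1
    [ "$pat" -le 9 ]
}

# Verdict for one banner. Exit status: 0 = vulnerable, 1 = at or above the
# fixed version, 2 = not a MariaDB banner (e.g. a MySQL client).
report_banner() {
    v=$(extract_mariadb_version "$1")
    if [ -z "$v" ]; then
        echo "not a MariaDB banner: $1"
        return 2
    fi
    if version_is_vulnerable "$v"; then
        echo "MariaDB $v: VULNERABLE to CVE-2021-46669 (upgrade to 10.5.10 or later)"
        return 0
    fi
    echo "MariaDB $v: at or above the fixed version"
    return 1
}

# Dry run over constructed banners; the last one is a MySQL, not MariaDB, client.
report_banner "mysql  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using readline 5.1" || true
report_banner "mysql  Ver 15.1 Distrib 10.5.10-MariaDB, for Linux (x86_64) using readline 5.1" || true
report_banner "mysql  Ver 8.0.32 for Linux on x86_64 (MySQL Community Server - GPL)" || true

# Live check of the locally installed client, if there is one.
if command -v mysql >/dev/null 2>&1; then
    report_banner "$(mysql --version 2>/dev/null)" || true
fi
```

Note that `mysql --version` reports the client package, which is not always the same build as the server it connects to; to confirm the server itself, run `SELECT VERSION();` over a connection. That returns a string of the form `10.5.9-MariaDB...`, which `extract_mariadb_version` parses the same way.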

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MariaDB crashes
  • Error messages related to convert_const_to_int
  • Segmentation fault errors in MariaDB logs

Network Indicators:

  • Unusual queries involving BIGINT data types from unexpected sources

SIEM Query:

source="mariadb.log" AND ("segmentation fault" OR "convert_const_to_int" OR "use-after-free")
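For hosts without a SIEM, the same indicators can be pulled from the MariaDB error log directly. The script below is an added example (not from this advisory or from the MariaDB project): it groups the lines following a `mysqld got signal` entry into one crash event, records whether the backtrace names `convert_const_to_int`, and prints one summary line per crash, so a crash with that frame can be distinguished from unrelated crashes. The log excerpt is constructed for illustration; real error logs vary in format and contain many more frames.

```shell
#!/bin/sh
# Added example, not from the advisory: summarise crash events in a MariaDB
# error log and flag those whose backtrace mentions convert_const_to_int.

# Constructed excerpt: two crashes, only the first with the advisory's indicator.
SAMPLE_LOG='210510 12:01:02 [Note] /usr/sbin/mysqld: ready for connections.
210510 12:34:56 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug.
Attempting backtrace.
/usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x55d0c0a1b2ce]
/usr/sbin/mysqld(convert_const_to_int+0x1a3)[0x55d0c08f11d3]
/usr/sbin/mysqld(+0x5d1e40)[0x55d0c07d1e40]
210510 12:35:10 [Note] Starting MariaDB 10.5.9-MariaDB
210511 09:00:00 [ERROR] mysqld got signal 11 ;
/usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x55d0c0a1b2ce]
/usr/sbin/mysqld(some_other_function+0x10)[0x55d0c0900010]'

# Read an error log on stdin; print "<date> <time> signal=<n> indicator=<frame|none>"
# for every crash block. A crash block starts at a "mysqld got signal" line and
# ends at the next timestamped log line (or at end of input).
scan_error_log() {
    awk '
        function emit() {
            printf "%s signal=%s indicator=%s\n", ts, sig, hit
            in_crash = 0
        }
        /mysqld got signal/ {
            if (in_crash) emit()
            in_crash = 1; ts = $1 " " $2; hit = "none"; sig = "?"
            for (i = 1; i < NF; i++) if ($i == "signal") sig = $(i + 1)
            next
        }
        in_crash && /convert_const_to_int/ { hit = "convert_const_to_int" }
        in_crash && /^[0-9]+ [0-9:]+ \[/   { emit() }
        END { if (in_crash) emit() }
    '
}

# Number of crash events whose backtrace carried the indicator (stdin = log).
count_indicator_crashes() {
    scan_error_log | grep -c 'indicator=convert_const_to_int' || true
}

# Dry run on the constructed excerpt.
printf '%s\n' "$SAMPLE_LOG" | scan_error_log
# To run against a live log instead:  scan_error_log < /var/log/mysql/error.log
```

A crash whose backtrace names `convert_const_to_int` on a server still at 10.5.9 or earlier is the signal to treat the event as a possible trigger of this CVE rather than a generic fault; crashes without that frame still merit the ordinary stability investigation.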

🔗 References
