CVE-2026-35549
Status: Received - Intake
Stack-Based Buffer Overflow in MariaDB caching_sha2_password Plugin

Publication date: 2026-04-03

Last updated on: 2026-04-03

Assigner: MITRE

Description
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.
Meta Information
Published: 2026-04-03
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-04-03
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mariadb mariadb_server From 12.0.0 (inc) to 12.2.2 (exc)
Helpful Resources
Exploitability: CWE, KEV
CWE ID and Description
CWE-789: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-35549 is a vulnerability in the MariaDB Server's caching_sha2_password authentication plugin. When the plugin processes a very large authentication packet, it calls sha256_crypt_r, which allocates its working memory on the stack with alloca(). Because that allocation is sized from the incoming packet with no upper bound, an oversized packet can exhaust the available stack space and crash or hang the server.

This issue affects MariaDB Server versions before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2, and is fixed in 11.4.10, 11.8.6 and 12.2.2.


How can this vulnerability impact me?

This vulnerability can cause the MariaDB Server to crash or hang during authentication if it receives a large packet while using the caching_sha2_password plugin. This can lead to server instability and potential denial of service, disrupting database availability and operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a crash or hang of the MariaDB Server when the caching_sha2_password authentication plugin processes an excessively large packet during authentication. It is only reachable when the plugin is installed and at least one account is configured to use it.

To detect this vulnerability on your system, monitor the MariaDB Server logs for unexpected crashes or hangs related to authentication attempts.

You can also check the version of your MariaDB Server to determine if it is affected by this issue.

  • Run the command to check MariaDB version: mysql --version
  • Monitor MariaDB error logs for crashes or hangs during authentication.
  • Use network monitoring tools to detect unusually large authentication packets being sent to the server.
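An added version-and-account check (example code written for this page, not from the MariaDB project) that applies the advisory's stated ranges with integer tuple comparison rather than string comparison, so 11.4.9 correctly sorts below 11.4.10. It assumes you feed it the output of SELECT VERSION() (or mysql --version, which only reports the client build) and rows from SELECT user, host, plugin FROM mysql.user; the sample inputs below are constructed.

```python
import re

# Affected ranges exactly as the advisory states them, as [low inclusive, high exclusive);
# a low bound of None means "every release below the high bound".
AFFECTED_RANGES = [
    (None, (11, 4, 10)),       # before 11.4.10
    ((11, 5, 0), (11, 8, 6)),  # 11.5.x through 11.8.x before 11.8.6
    ((12, 0, 0), (12, 2, 2)),  # 12.x before 12.2.2
]
PLUGIN = "caching_sha2_password"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the first x.y.z triple out of SELECT VERSION() or `mysql --version` output.

    Versions are compared as integer tuples, not strings: as strings "11.4.9"
    sorts after "11.4.10", which would misclassify an affected build as fixed.
    `mysql --version` reports the client build; SELECT VERSION() on the server
    is the value that matters for this advisory.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected_version(text):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    return any((low is None or v >= low) and v < high for low, high in AFFECTED_RANGES)


def accounts_using_plugin(user_rows):
    """Return user@host labels for rows whose authentication plugin is caching_sha2_password."""
    return [f"{u}@{h}" for u, h, plugin in user_rows if plugin == PLUGIN]


def assess(version_text, user_rows):
    """Combine both conditions the advisory names: an affected build AND accounts using the plugin."""
    accts = accounts_using_plugin(user_rows)
    vulnerable = is_affected_version(version_text)
    return {"affected_version": vulnerable, "plugin_accounts": accts,
            "exposed": vulnerable and bool(accts)}


if __name__ == "__main__":
    # Constructed sample input, not captured from a real server.
    sample_version = "mysql  Ver 15.1 Distrib 11.4.5-MariaDB, for Linux (x86_64) using readline 5.1"
    sample_users = [("root", "localhost", "mysql_native_password"),
                    ("app", "%", "caching_sha2_password")]
    print(assess(sample_version, sample_users))
```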

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade MariaDB Server to a fixed version where this vulnerability is resolved.

  • Upgrade to MariaDB Server version 11.4.10, 11.8.6, 12.2.2 or later.

If an immediate upgrade is not possible, move accounts that use the caching_sha2_password authentication plugin to another plugin, or uninstall the plugin so that it is not reachable during authentication.

Monitor and restrict the size of authentication packets if possible to prevent large packets from triggering the vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability causes a denial of service by crashing the MariaDB Server when processing large packets during authentication with the caching_sha2_password plugin. While it does not directly impact confidentiality or integrity of data, the resulting server instability and potential downtime could affect availability, which is a component of compliance frameworks like GDPR and HIPAA.

Organizations relying on MariaDB Server for critical applications may face challenges in maintaining continuous availability, potentially leading to non-compliance with availability requirements in these standards.

However, there is no indication from the provided information that this vulnerability leads to unauthorized data access or data breaches.

