CVE-2026-35549

Medium CVSS: 6.5

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.

Vendor

Product

CWE

CWE-789

Yayın Tarihi

2026-04-03 05:16:23

Güncelleme

2026-04-03 16:10:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-789 MEDIUM 2026

Referanslar

https://jira.mariadb.org/browse/MDEV-38365