{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35549", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T05:00:17.626Z", "datePublished": "2026-04-03T05:00:18.121Z", "dateUpdated": "2026-04-03T14:34:04.466Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MariaDB", "vendor": "MariaDB", "versions": [{"lessThan": "11.4.10", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "11.8.6", "status": "affected", "version": "11.5.0", "versionType": "semver"}, {"lessThan": "12.2.2", "status": "affected", "version": "12.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T05:00:18.121Z"}, "references": [{"url": "https://jira.mariadb.org/browse/MDEV-38365"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T14:33:50.651023Z", "id": "CVE-2026-35549", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:34:04.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35549", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T14:33:50.651023Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:33:57.055Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MariaDB", "product": "MariaDB", "versions": [{"status": "affected", "version": "0", "lessThan": "11.4.10", "versionType": "semver"}, {"status": "affected", "version": "11.5.0", "lessThan": "11.8.6", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThan": "12.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://jira.mariadb.org/browse/MDEV-38365"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T05:00:18.121Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35549", "state": "PUBLISHED", "dateUpdated": "2026-04-03T14:34:04.466Z", "dateReserved": "2026-04-03T05:00:17.626Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T05:00:18.121Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca."}], "id": "CVE-2026-35549", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-03T05:16:23.160", "references": [{"source": "cve@mitre.org", "url": "https://jira.mariadb.org/browse/MDEV-38365"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,11.4.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.5.0,11.8.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.0.0,12.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MariaDB", "source": "cna", "vendor": "MariaDB"}, "product": "mariadb", "vendor": "mariadb"}], "analysis": {"en": {"generated_at": "2026-04-03T07:50:20.506797+00:00", "value": {"mitigation_remediation": ["Upgrade MariaDB to the latest available version in your release line.", "If immediate upgrade is not possible, disable the caching_sha2_password plugin for all accounts or change accounts to use an alternative authentication plugin."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to MariaDB Server from MariaDB across multiple series. Specifically, all 11.4.x releases older than 11.4.10, every 11.5.x release, every 11.6.x and 11.7.x release, all 11.8.x releases older than 11.8.6, and all 12.0.x, 12.1.x, and 12.2.x releases older than 12.2.2 are vulnerable when the caching_sha2_password plugin is enabled for any account.", "description_and_impact": "A flaw exists in MariaDB Server versions before certain release points, affecting configurations that use the caching_sha2_password authentication plugin. Sending a specially crafted large packet triggers a crash because the sha256_crypt_r function allocates memory on the stack with alloca based on packet size, leading to a stack buffer overflow. The result is a denial of service, where the database process terminates and must be restarted, affecting availability for all users on the affected instance.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate risk. No EPSS score is available, so the exploitation frequency is unclear. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need remote access to the MariaDB server and an account that authenticates via caching_sha2_password to send an oversized packet, making exposed or compromised database instances the most likely targets; isolated internal deployments are less vulnerable."}}}}, "created": "2026-04-03T07:30:58.626504+00:00", "title": "Large Packet Crashes MariaDB Server via caching_sha2_password Plugin", "updated": "2026-04-03T09:15:44.969676+00:00", "vendors": ["mariadb", "mariadb$PRODUCT$mariadb"]}