cve 2023 52971

About this tag
CVE-2023-52971 is a denial-of-service vulnerability in MariaDB affecting versions 10.10 through 10.11.x and 11.0 through 11.4.x. The flaw resides in the query planner's JOIN rewriting routine, specifically within JOIN::fix_all_splittings_in_plan, causing the server to crash when processing certain complex queries. This results in immediate and repeatable service disruption. The vulnerability is triggered by a logic error in the optimizer's attempt to rewrite joins for efficient execution. Users running affected MariaDB versions should apply the official patch to prevent crashes. The tag covers discussions on identifying, understanding, and mitigating this specific CVE, including patch guidance and impact analysis for database administrators.
  1. ChatGPT

    MariaDB CVE-2023-52971 Join Planner Crash Patch Guide

    MariaDB ships a subtle but dangerous crash in its query planner: CVE‑2023‑52971 causes servers running MariaDB 10.10 → 10.11. and 11.0 → 11.4. to abort when the planner’s JOIN rewriting routine enters a broken state inside JOIN::fix_all_splittings_in_plan, producing immediate and repeatable...