{"id":"CVE-2026-32710","summary":"Heap-based Buffer Overflow in MariaDB","details":"MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.","aliases":["BIT-mariadb-2026-32710","BIT-mariadb-min-2026-32710","BIT-mysql-client-2026-32710","GHSA-4rj5-2227-9wgc"],"modified":"2026-05-30T05:38:42.275999Z","published":"2026-03-20T18:31:48.870Z","related":["SUSE-SU-2026:1367-1","SUSE-SU-2026:21407-1","openSUSE-SU-2026:10694-1","openSUSE-SU-2026:20629-1"],"database_specific":{"cwe_ids":["CWE-122"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32710.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://jira.mariadb.org/browse/MDEV-38356"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32710.json"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32710"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"70117463f032d59f8e328335e19b59157d34cf07"},{"fixed":"d26a6f44c1f2119377e79a9540886c6d8c01472f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-32710.json","vanir_signatures_modified":"2026-05-30T05:38:42Z","vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"CVE-2026-32710-22eb6579","signature_version":"v1","source":"https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f","digest":{"threshold":0.9,"line_hashes":["331495033010792057398295084692551616862","178889473583969224685848879336469251622","72995215509533274417683389386874442936","34733286214113447932010597917174327234","220595837734737098186096626766433509208","338750869998908232338240892716586972189","200331074068810549623743321810491183265","318528549273668054390962137954896768015","26834430279848683763735550481300098934","68590751291616411132278116452337632760","155245705888256277018230600879388905005","281201383801172153236642507346466029898","11578098737963444869029556637210276545","88679534638751502059684342659870334045","174412566811641505963715332693034819441","212479306865523010564552785282223352918","264094808494796852436130642367514195992"]},"target":{"file":"sql/sp_instr.cc"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2026-32710-f170ab29","signature_version":"v1","source":"https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f","digest":{"threshold":0.9,"line_hashes":["333736738574052575197108677744715005253","262810137784205432405179339402165348111","118178308854161151067014370856362614751","10257631431620263937293216233444103471"]},"target":{"file":"sql/sp_instr.h"}},{"signature_type":"Function","deprecated":false,"id":"CVE-2026-32710-fe069a50","signature_version":"v1","source":"https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f","digest":{"function_hash":"47421469537526624674199985998928255848","length":2658},"target":{"function":"sp_lex_instr::parse_expr","file":"sql/sp_instr.cc"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}