What is CVE-2021-46669?

CVE-2021-46669 is a high-severity vulnerability in MariaDB that allows attackers to trigger a use-after-free condition. Organizations using affected versions should prioritize patching immediately to mitigate potential impacts.

What is the severity of CVE-2021-46669?

CVE-2021-46669 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2021-46669 | High Vulnerability in MariaDB

CVE-2021-46669 is a high-severity vulnerability affecting MariaDB through version 10.5.9. This vulnerability allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. The potential risk associated with this vulnerability is significant, particularly regarding the availability of affected systems, as it can lead to service disruptions.

The CVSS score for this vulnerability is 7.5, which indicates a high severity level. The attack vector is network-based, and the attack complexity is low, meaning that attackers do not require special access privileges or user interaction to exploit this vulnerability. Thus, the urgency for organizations to address this issue is high.

Given the potential impacts and the ease of exploitation, organizations should prioritize patching immediately. Failure to address this vulnerability could lead to severe availability issues.

Organizations are encouraged to review their systems for the affected versions of MariaDB and implement necessary updates as soon as possible.

Vulnerability Details

The official description of this vulnerability states that MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. The vulnerability has a CVSS score of 7.5, classified as high severity. The affected products include various versions of MariaDB, Fedora, and Debian Linux.

This vulnerability was published on February 1, 2022, and falls under the CWE classification CWE-416, which pertains to use after free vulnerabilities.

Technical Analysis

The root cause of CVE-2021-46669 is a use-after-free condition, which occurs when the program continues to use a pointer after the memory it points to has been freed. The attack vector for this vulnerability is network-based, making it accessible to remote attackers without requiring physical access.

The attack complexity is low, meaning that an attacker can exploit this vulnerability without extensive knowledge or skill. No privileges are required, and user interaction is not necessary to trigger the vulnerability.

The impacts of this vulnerability include potential denial of service, as it may lead to crashes or unexpected behavior of the MariaDB service.

Risk & Impact Analysis

Risk to organizations includes the potential for service disruption and loss of availability of critical database services. The blast radius is significant, especially for organizations relying on MariaDB for essential operations. The urgency for addressing this vulnerability is high due to its high CVSS score and potential impact on availability.

Organizations should not only prioritize patching this vulnerability but also evaluate their security posture regarding database configurations and access controls.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of MariaDB are affected: all versions prior to 10.5.9, including versions 10.2.44, 10.3.0 to 10.3.35, 10.4.0 to 10.4.25, and 10.5.0 to 10.5.16. Additionally, Fedora 35 and 36, as well as Debian 10.0 are also vulnerable.

Mitigation & Remediation

Organizations should immediately patch affected versions of MariaDB. The latest updates can be found on the MariaDB security page. In cases where patching is not immediately possible, implement network controls to limit access to vulnerable systems and monitor for unusual activity.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for any unusual access patterns and errors related to the BIGINT data type. Behavioral anomalies in database interactions can also be an indicator of attempted exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-46669 lies in its reflection of persistent vulnerabilities in widely used database technologies. As organizations increasingly rely on database systems, understanding and addressing such vulnerabilities is crucial for maintaining operational integrity.

This case highlights the importance of timely patching and proactive security measures to prevent exploitation. Organizations should also consider implementing a comprehensive penetration testing program to regularly assess their security posture against emerging threats.

Additionally, understanding the underlying causes of vulnerabilities, such as use-after-free conditions, can help inform better development practices and security protocols in the future.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-46669: High Vulnerability in MariaDB