https://blog.kalfaoglu.net/tags/database/Recent content in Database on kalfaoglu.netHugoenSat, 09 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-09-mariadb-cve-2026-32710-json-schema-en/Sat, 09 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-09-mariadb-cve-2026-32710-json-schema-en/<p>A heap buffer overflow in MariaDB&rsquo;s <code>JSON_SCHEMA_VALID()</code> function went unnoticed for years — until AI-assisted code analysis flagged it earlier this year. The flaw, now tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32710">CVE-2026-32710</a>, was <a href="https://securityonline.info/mariadb-json-schema-validation-buffer-overflow-vulnerability-cve-2026-32710/">disclosed on March 19, 2026</a>, and patches landed the same day. If your server runs MariaDB 11.4.x or 11.8.x and you haven&rsquo;t applied the update yet, this is the one to prioritise this week.</p> <h2 id="what-the-bug-actually-does">What the Bug Actually Does</h2> <p>The problem lives in <code>json_get_normalized_string()</code> inside <code>sql/json_schema_helper.cc</code>. The function allocates a fixed 128-byte heap buffer and then copies a JSON string value into it using <code>strncpy</code> — without first checking whether the value fits. If an attacker crafts a JSON schema with a string field longer than that buffer, the heap overflows.</p>