Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-21917 (GCVE-0-2023-21917)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.30 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:51.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T19:39:35.234231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:43:21.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.30 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T14:06:40.705Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21917",
"datePublished": "2023-04-18T19:54:18.877Z",
"dateReserved": "2022-12-17T19:26:00.714Z",
"dateUpdated": "2025-02-13T16:40:22.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230427-0007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:51:51.323Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21917\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T19:39:35.234231Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T19:40:57.667Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.30 and prior\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230427-0007/\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2023-04-18T19:54:18.877Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-21917\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-16T19:43:21.235Z\", \"dateReserved\": \"2022-12-17T19:26:00.714Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2023-04-18T19:54:18.877Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2023-21917
Vulnerability from osv_almalinux
Published
2023-05-16 00:00
Modified
2023-05-22 09:17
Summary
Important: mysql:8.0 security, bug fix, and enhancement update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
The following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177734, BZ#2177735, BZ#2177736)
Security Fix(es):
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)
- mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)
- mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)
- mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)
- mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- AlmaLinux8 AppStream and Devel channels missing mecab-devel rpm (BZ#2180411)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic-EUCJP"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.module_el8.8.0+3567+56a616e4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177734, BZ#2177735, BZ#2177736)\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)\n* mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)\n* mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* AlmaLinux8 AppStream and Devel channels missing mecab-devel rpm (BZ#2180411)",
"id": "ALSA-2023:3087",
"modified": "2023-05-22T09:17:55Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:3087"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21594"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21599"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21604"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21608"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21611"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21617"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21625"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21632"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21633"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21637"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21640"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39400"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21836"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21864"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21865"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21867"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21868"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21869"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21870"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21871"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21873"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21874"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21875"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21876"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21877"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21878"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21879"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21880"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21882"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21883"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21887"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21912"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21917"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142861"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142863"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142865"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142868"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142869"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142870"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142872"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142873"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142875"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142877"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142879"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142880"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142881"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162270"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162271"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162274"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162275"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162276"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162277"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162278"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162280"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162281"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162282"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162283"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162285"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162286"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162287"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162288"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162289"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188110"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188112"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-3087.html"
}
],
"related": [
"CVE-2023-21912",
"CVE-2022-21594",
"CVE-2022-21599",
"CVE-2022-21604",
"CVE-2022-21608",
"CVE-2022-21611",
"CVE-2022-21617",
"CVE-2022-21625",
"CVE-2022-21632",
"CVE-2022-21633",
"CVE-2022-21637",
"CVE-2022-21640",
"CVE-2022-39400",
"CVE-2022-39408",
"CVE-2022-39410",
"CVE-2023-21836",
"CVE-2023-21863",
"CVE-2023-21864",
"CVE-2023-21865",
"CVE-2023-21867",
"CVE-2023-21868",
"CVE-2023-21869",
"CVE-2023-21870",
"CVE-2023-21871",
"CVE-2023-21873",
"CVE-2023-21875",
"CVE-2023-21876",
"CVE-2023-21877",
"CVE-2023-21878",
"CVE-2023-21879",
"CVE-2023-21880",
"CVE-2023-21881",
"CVE-2023-21883",
"CVE-2023-21887",
"CVE-2023-21917",
"CVE-2023-21874",
"CVE-2023-21882"
],
"summary": "Important: mysql:8.0 security, bug fix, and enhancement update"
}
cve-2023-21917
Vulnerability from osv_almalinux
Published
2023-05-09 00:00
Modified
2023-05-11 23:14
Summary
Important: mysql security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
The following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177731, BZ#2177732)
Security Fix(es):
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)
- mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)
- mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)
- mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)
- mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.32-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177731, BZ#2177732)\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594)\n* mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611)\n* mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632)\n* mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879)\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883)\n* mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917)\n* mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:2621",
"modified": "2023-05-11T23:14:49Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2621"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21594"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21599"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21604"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21608"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21611"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21617"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21625"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21632"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21633"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21637"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21640"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39400"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21836"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21864"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21865"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21867"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21868"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21869"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21870"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21871"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21873"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21874"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21875"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21876"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21877"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21878"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21879"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21880"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21882"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21883"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21887"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21912"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21917"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142861"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142863"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142865"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142868"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142869"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142870"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142872"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142873"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142875"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142877"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142879"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142880"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2142881"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162270"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162271"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162274"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162275"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162276"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162277"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162278"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162280"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162281"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162282"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162283"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162285"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162286"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162287"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162288"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162289"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2162291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188110"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188112"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2621.html"
}
],
"related": [
"CVE-2023-21912",
"CVE-2022-21594",
"CVE-2022-21599",
"CVE-2022-21604",
"CVE-2022-21608",
"CVE-2022-21611",
"CVE-2022-21617",
"CVE-2022-21625",
"CVE-2022-21632",
"CVE-2022-21633",
"CVE-2022-21637",
"CVE-2022-21640",
"CVE-2022-39400",
"CVE-2022-39408",
"CVE-2022-39410",
"CVE-2023-21836",
"CVE-2023-21863",
"CVE-2023-21864",
"CVE-2023-21865",
"CVE-2023-21867",
"CVE-2023-21868",
"CVE-2023-21869",
"CVE-2023-21870",
"CVE-2023-21871",
"CVE-2023-21873",
"CVE-2023-21875",
"CVE-2023-21876",
"CVE-2023-21877",
"CVE-2023-21878",
"CVE-2023-21879",
"CVE-2023-21880",
"CVE-2023-21881",
"CVE-2023-21883",
"CVE-2023-21887",
"CVE-2023-21917",
"CVE-2023-21874",
"CVE-2023-21882"
],
"summary": "Important: mysql security update"
}
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis - Published: 2023-04-19 - Updated: 2023-04-20
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | ||
| Oracle | Database Server | Oracle Database Server 19c, 21c | ||
| Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | ||
| Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2 | ||
| Oracle | Virtualization | Oracle Virtualization versions 6.1.x antérieures à 6.1.44 | ||
| Oracle | MySQL | Oracle MySQL versions 8.0.33 et antérieures | ||
| Oracle | Systems | Oracle Systems versions 10, 11 | ||
| Oracle | Virtualization | Oracle Virtualization versions 7.0.x antérieures à 7.0.8 | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.41 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 19c, 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Systems versions 10, 11",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
},
{
"name": "CVE-2023-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
},
{
"name": "CVE-2023-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
},
{
"name": "CVE-2023-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
},
{
"name": "CVE-2023-21984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
},
{
"name": "CVE-2023-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2023-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
},
{
"name": "CVE-2023-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
},
{
"name": "CVE-2023-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
},
{
"name": "CVE-2023-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
},
{
"name": "CVE-2023-21987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
},
{
"name": "CVE-2023-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
},
{
"name": "CVE-2023-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
},
{
"name": "CVE-2023-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
},
{
"name": "CVE-2023-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
},
{
"name": "CVE-2023-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
},
{
"name": "CVE-2023-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2023-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2023-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
},
{
"name": "CVE-2023-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
},
{
"name": "CVE-2023-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
},
{
"name": "CVE-2023-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
},
{
"name": "CVE-2023-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
},
{
"name": "CVE-2023-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2023-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
},
{
"name": "CVE-2023-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
},
{
"name": "CVE-2023-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
},
{
"name": "CVE-2023-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
},
{
"name": "CVE-2023-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
},
{
"name": "CVE-2023-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
},
{
"name": "CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"name": "CVE-2023-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
},
{
"name": "CVE-2023-21988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2023-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
},
{
"name": "CVE-2023-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
}
],
"initial_release_date": "2023-04-19T00:00:00",
"last_revision_date": "2023-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-19T00:00:00.000000"
},
{
"description": "Correction coquilles.",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
GHSA-C56J-6W4V-VFW3
Vulnerability from github – Published: 2023-04-18 21:30 – Updated: 2024-04-04 03:32
VLAI?
Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-21917"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-18T20:15:12Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-c56j-6w4v-vfw3",
"modified": "2024-04-04T03:32:38Z",
"published": "2023-04-18T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21917"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2023-21917
Vulnerability from fstec - Published: 18.04.2023
VLAI Severity ?
Title
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity ?
Vendor
АО «ИВК», Oracle Corp.
Software Name
Альт 8 СП (запись в едином реестре российских программ №4305), MySQL Server, АЛЬТ СП 10
Software Version
- (Альт 8 СП), от 8.0 до 8.0.30 включительно (MySQL Server), - (АЛЬТ СП 10)
Possible Mitigations
Использование рекомендаций производителя:
https://www.oracle.com/security-alerts/cpuapr2023.html
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Reference
https://www.oracle.com/security-alerts/cpuapr2023.html
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u043e\u0442 8.0 \u0434\u043e 8.0.30 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.oracle.com/security-alerts/cpuapr2023.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.04.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02481",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-21917",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), MySQL Server, \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Server \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpuapr2023.html\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)"
}
CNVD-2023-67106
Vulnerability from cnvd - Published: 2023-09-07
VLAI Severity ?
Title
Oracle MySQL Server存在未明漏洞(CNVD-2023-67106)
Description
Oracle MySQL Server是美国甲骨文(Oracle)公司的一款关系型数据库。
Oracle MySQL Server存在安全漏洞,攻击者可利用该漏洞导致未经授权的MySQL Server挂起或频繁重复崩溃。
Severity
中
Patch Name
Oracle MySQL Server存在未明漏洞(CNVD-2023-67106)的补丁
Patch Description
Oracle MySQL Server是美国甲骨文(Oracle)公司的一款关系型数据库。
Oracle MySQL Server存在安全漏洞,攻击者可利用该漏洞导致未经授权的MySQL Server挂起或频繁重复崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.oracle.com/security-alerts/cpuapr2023.html
Reference
https://www.oracle.com/security-alerts/cpuapr2023.html
Impacted products
| Name | Oracle MySQL Server <=8.0.30 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-21917",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-21917"
}
},
"description": "Oracle MySQL Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u3002\n\nOracle MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684MySQL Server\u6302\u8d77\u6216\u9891\u7e41\u91cd\u590d\u5d29\u6e83\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuapr2023.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-67106",
"openTime": "2023-09-07",
"patchDescription": "Oracle MySQL Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u3002\r\n\r\nOracle MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684MySQL Server\u6302\u8d77\u6216\u9891\u7e41\u91cd\u590d\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-67106\uff09\u7684\u8865\u4e01",
"products": {
"product": "Oracle MySQL Server \u003c=8.0.30"
},
"referenceLink": "https://www.oracle.com/security-alerts/cpuapr2023.html",
"serverity": "\u4e2d",
"submitTime": "2023-04-21",
"title": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-67106\uff09"
}
FKIE_CVE-2023-21917
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
Severity ?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC48919-7050-4D73-87AF-C467E93ECA61",
"versionEndIncluding": "8.0.30",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2023-21917",
"lastModified": "2024-11-21T07:43:54.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:12.947",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-21917
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-21917",
"id": "GSD-2023-21917"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-21917"
],
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GSD-2023-21917",
"modified": "2023-12-13T01:20:26.426009Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2023-21917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.30 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230427-0007/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.30",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2023-21917"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230427-0007/",
"refsource": "MISC",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-04-27T15:15Z",
"publishedDate": "2023-04-18T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…