Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-22056 (GCVE-0-2023-22056)
Vulnerability from cvelistv5 – Published: 2023-07-18 20:18 – Updated: 2025-02-13 16:43
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
* , ≤ 8.0.33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:29.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:28:41.953475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:38:15.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "8.0.33",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:06:19.474Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-22056",
"datePublished": "2023-07-18T20:18:37.134Z",
"dateReserved": "2022-12-17T19:26:00.756Z",
"dateUpdated": "2025-02-13T16:43:34.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujul2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0005/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:59:29.014Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-13T16:28:41.953475Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-13T16:33:48.728Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.33\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujul2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0005/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2023-07-18T20:18:37.134Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-13T16:38:15.355Z\", \"dateReserved\": \"2022-12-17T19:26:00.756Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2023-07-18T20:18:37.134Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2023-22056
Vulnerability from osv_almalinux
Published
2024-03-05 00:00
Modified
2024-03-07 19:03
Summary
Moderate: mysql security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)
- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)
- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
- mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
Bug Fix(es):
- Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)\n* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)\n* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)\n* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)\n* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)\n* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)\n* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)\n* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)\n* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)\n* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)\n* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)\n* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)\n* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)\n* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)\n\nBug Fix(es):\n\n* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:1141",
"modified": "2024-03-07T19:03:22Z",
"published": "2024-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:1141"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21911"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21929"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21940"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21945"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21980"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22007"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22008"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22032"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22033"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22038"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22054"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22057"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22058"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22068"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22103"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22111"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22112"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22113"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22114"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22115"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20960"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20965"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20967"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20968"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20969"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20970"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20971"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20973"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20978"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20981"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20985"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188113"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188115"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188116"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188117"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188118"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188119"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188120"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188121"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188122"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188123"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188124"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188125"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188127"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188128"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188129"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188130"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188131"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188132"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224212"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224213"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224214"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224215"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224216"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224217"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224222"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245014"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245015"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245018"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245019"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245020"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245021"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245023"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245027"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245028"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245029"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245030"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245031"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245033"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258772"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258773"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258774"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258775"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258776"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258777"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258778"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258779"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258780"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258781"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258783"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258784"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258785"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258788"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258789"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258791"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258792"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258793"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258794"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-1141.html"
}
],
"related": [
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21920",
"CVE-2023-21935",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21982",
"CVE-2023-21940",
"CVE-2023-21947",
"CVE-2023-21962",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21980",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22057",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22092",
"CVE-2023-22103",
"CVE-2023-22110",
"CVE-2023-22112",
"CVE-2023-22033",
"CVE-2023-22046",
"CVE-2023-22053",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22058",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22084",
"CVE-2023-22097",
"CVE-2023-22104",
"CVE-2023-22114",
"CVE-2023-22111",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-2097",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20982",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20981",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2022-4899",
"CVE-2023-22038",
"CVE-2023-22048",
"CVE-2023-22113"
],
"summary": "Moderate: mysql security update"
}
cve-2023-22056
Vulnerability from osv_almalinux
Published
2024-02-20 00:00
Modified
2024-02-28 16:26
Summary
Moderate: mysql:8.0 security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
- mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic-EUCJP"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)\n* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)\n* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)\n* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)\n* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)\n* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)\n* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)\n* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)\n* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)\n* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)\n* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)\n* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)\n* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)\n* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)",
"id": "ALSA-2024:0894",
"modified": "2024-02-28T16:26:23Z",
"published": "2024-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0894"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21911"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21929"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21940"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21945"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21980"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22007"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22008"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22032"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22033"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22038"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22054"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22057"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22058"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22068"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22103"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22111"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22112"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22113"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22114"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22115"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20960"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20965"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20967"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20968"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20969"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20970"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20971"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20973"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20978"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20981"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20985"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188113"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188115"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188116"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188117"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188118"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188119"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188120"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188121"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188122"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188123"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188124"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188125"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188127"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188128"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188129"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188130"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188131"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188132"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224212"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224213"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224214"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224215"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224216"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224217"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224222"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245014"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245015"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245018"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245019"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245020"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245021"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245023"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245027"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245028"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245029"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245030"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245031"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245033"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258772"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258773"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258774"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258775"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258776"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258777"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258778"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258779"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258780"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258781"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258783"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258784"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258785"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258788"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258789"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258791"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258792"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258793"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258794"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0894.html"
}
],
"related": [
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21920",
"CVE-2023-21935",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21982",
"CVE-2023-21940",
"CVE-2023-21947",
"CVE-2023-21962",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21980",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22057",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22092",
"CVE-2023-22103",
"CVE-2023-22110",
"CVE-2023-22112",
"CVE-2023-22033",
"CVE-2023-22046",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22053",
"CVE-2023-22058",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22084",
"CVE-2023-22097",
"CVE-2023-22104",
"CVE-2023-22114",
"CVE-2023-22111",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-20970",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20982",
"CVE-2024-20981",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2022-4899",
"CVE-2023-22038",
"CVE-2023-22048",
"CVE-2023-22113"
],
"summary": "Moderate: mysql:8.0 security update"
}
FKIE_CVE-2023-22056
Vulnerability from fkie_nvd - Published: 2023-07-18 21:15 - Updated: 2024-11-21 07:44
Severity ?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql_server | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B45D7F6F-1D87-4081-9643-50B30EFC238D",
"versionEndIncluding": "8.0.33",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones afectadas son 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar un cuelgue o una ca\u00edda frecuentemente repetible (DOS completo) de MySQL Server. CVSS 3.1 Base Score 4.9 (Impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2023-22056",
"lastModified": "2024-11-21T07:44:11.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-07-18T21:15:15.130",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-22056
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-22056",
"id": "GSD-2023-22056"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-22056"
],
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GSD-2023-22056",
"modified": "2023-12-13T01:20:43.325349Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2023-22056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "*",
"version_value": "8.0.33"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2023.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.33",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2023-22056"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2023.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-11-15T03:04Z",
"publishedDate": "2023-07-18T21:15Z"
}
}
}
CVE-2023-22056
Vulnerability from fstec - Published: 18.07.2023
VLAI Severity ?
Title
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
АО «ИВК», Oracle Corp.
Software Name
Альт 8 СП (запись в едином реестре российских программ №4305), MySQL Server, АЛЬТ СП 10
Software Version
- (Альт 8 СП), до 8.0.33 включительно (MySQL Server), - (АЛЬТ СП 10)
Possible Mitigations
Использование рекомендаций:
https://www.oracle.com/security-alerts/cpujul2023.html
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Reference
https://security.netapp.com/advisory/ntap-20230725-0005/
https://www.oracle.com/security-alerts/cpujul2023.html
https://vuldb.com/?id.234913
https://www.cybersecurity-help.cz/vdb/SB2023071997
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 8.0.33 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.oracle.com/security-alerts/cpujul2023.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.07.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.07.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04223",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-22056",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), MySQL Server, \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security.netapp.com/advisory/ntap-20230725-0005/\nhttps://www.oracle.com/security-alerts/cpujul2023.html\nhttps://vuldb.com/?id.234913\nhttps://www.cybersecurity-help.cz/vdb/SB2023071997\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)"
}
CNVD-2023-65512
Vulnerability from cnvd - Published: 2023-09-01
VLAI Severity ?
Title
Oracle MySQL Server存在未明漏洞(CNVD-2023-65512)
Description
Oracle MySQL Server是美国甲骨文(Oracle)公司的一款关系型数据库。
Oracle MySQL Server存在安全漏洞,攻击者可利用该漏洞导致未经授权的MySQL服务器挂起或频繁重复崩溃(完整的DOS)。
Severity
中
Patch Name
Oracle MySQL Server存在未明漏洞(CNVD-2023-65512)的补丁
Patch Description
Oracle MySQL Server是美国甲骨文(Oracle)公司的一款关系型数据库。
Oracle MySQL Server存在安全漏洞,攻击者可利用该漏洞导致未经授权的MySQL服务器挂起或频繁重复崩溃(完整的DOS)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.oracle.com/security-alerts/cpujul2023.html
Reference
https://www.oracle.com/security-alerts/cpujul2023.html
Impacted products
| Name | Oracle MySQL Server <=8.0.33 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-22056",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-22056"
}
},
"description": "Oracle MySQL Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u3002\n\nOracle MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684MySQL\u670d\u52a1\u5668\u6302\u8d77\u6216\u9891\u7e41\u91cd\u590d\u5d29\u6e83\uff08\u5b8c\u6574\u7684DOS\uff09\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujul2023.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-65512",
"openTime": "2023-09-01",
"patchDescription": "Oracle MySQL Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u3002\r\n\r\nOracle MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684MySQL\u670d\u52a1\u5668\u6302\u8d77\u6216\u9891\u7e41\u91cd\u590d\u5d29\u6e83\uff08\u5b8c\u6574\u7684DOS\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-65512\uff09\u7684\u8865\u4e01",
"products": {
"product": "Oracle MySQL Server \u003c=8.0.33"
},
"referenceLink": "https://www.oracle.com/security-alerts/cpujul2023.html",
"serverity": "\u4e2d",
"submitTime": "2023-07-20",
"title": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-65512\uff09"
}
GHSA-H3FP-97X3-HFH7
Vulnerability from github – Published: 2023-07-18 21:30 – Updated: 2023-11-15 03:30
VLAI?
Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
4.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-22056"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-18T21:15:15Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-h3fp-97x3-hfh7",
"modified": "2023-11-15T03:30:26Z",
"published": "2023-07-18T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22056"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230725-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-0563
Vulnerability from certfr_avis - Published: 2023-07-19 - Updated: 2023-07-19
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions 5.7.42 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22033"
},
{
"name": "CVE-2023-22038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22038"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22057"
},
{
"name": "CVE-2023-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22058"
},
{
"name": "CVE-2023-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22005"
},
{
"name": "CVE-2023-22048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22048"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2023-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22008"
},
{
"name": "CVE-2023-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22056"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-22046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22046"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22054"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21950"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
}
],
"initial_release_date": "2023-07-19T00:00:00",
"last_revision_date": "2023-07-19T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…