Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-22113 (GCVE-0-2023-22113)
Vulnerability from cvelistv5 – Published: 2023-10-17 21:03 – Updated: 2025-06-12 15:07
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
Severity ?
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
* , ≤ 8.0.33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:29.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T15:06:18.516632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T15:07:08.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "8.0.33",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T14:07:00.831Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-22113",
"datePublished": "2023-10-17T21:03:09.182Z",
"dateReserved": "2022-12-17T19:26:00.763Z",
"dateUpdated": "2025-06-12T15:07:08.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0009/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:59:29.132Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-12T15:06:18.516632Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-12T15:07:02.734Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.33\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0009/\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2023-10-27T14:07:00.831Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22113\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-12T15:07:08.073Z\", \"dateReserved\": \"2022-12-17T19:26:00.763Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2023-10-17T21:03:09.182Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2023-22113
Vulnerability from osv_almalinux
Published
2024-03-05 00:00
Modified
2024-03-07 19:03
Summary
Moderate: mysql security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)
- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)
- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
- mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
Bug Fix(es):
- Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)\n* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)\n* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)\n* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)\n* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)\n* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)\n* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)\n* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)\n* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)\n* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)\n* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)\n* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)\n* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)\n* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)\n\nBug Fix(es):\n\n* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:1141",
"modified": "2024-03-07T19:03:22Z",
"published": "2024-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:1141"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21911"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21929"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21940"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21945"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21980"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22007"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22008"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22032"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22033"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22038"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22054"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22057"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22058"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22068"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22103"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22111"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22112"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22113"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22114"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22115"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20960"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20965"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20967"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20968"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20969"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20970"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20971"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20973"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20978"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20981"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20985"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188113"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188115"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188116"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188117"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188118"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188119"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188120"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188121"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188122"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188123"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188124"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188125"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188127"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188128"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188129"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188130"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188131"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188132"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224212"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224213"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224214"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224215"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224216"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224217"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224222"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245014"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245015"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245018"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245019"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245020"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245021"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245023"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245027"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245028"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245029"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245030"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245031"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245033"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258772"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258773"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258774"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258775"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258776"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258777"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258778"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258779"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258780"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258781"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258783"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258784"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258785"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258788"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258789"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258791"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258792"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258793"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258794"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-1141.html"
}
],
"related": [
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21920",
"CVE-2023-21935",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21982",
"CVE-2023-21940",
"CVE-2023-21947",
"CVE-2023-21962",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21980",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22057",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22092",
"CVE-2023-22103",
"CVE-2023-22110",
"CVE-2023-22112",
"CVE-2023-22033",
"CVE-2023-22046",
"CVE-2023-22053",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22058",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22084",
"CVE-2023-22097",
"CVE-2023-22104",
"CVE-2023-22114",
"CVE-2023-22111",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-2097",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20982",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20981",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2022-4899",
"CVE-2023-22038",
"CVE-2023-22048",
"CVE-2023-22113"
],
"summary": "Moderate: mysql security update"
}
cve-2023-22113
Vulnerability from osv_almalinux
Published
2024-02-20 00:00
Modified
2024-02-28 16:26
Summary
Moderate: mysql:8.0 security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
- mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic-EUCJP"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-16.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.36-1.module_el8.9.0+3735+82bd6c11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)\n* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)\n* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)\n* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)\n* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)\n* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)\n* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)\n* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)\n* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)\n* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)\n* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)\n* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)\n* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)\n* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)\n* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)\n* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)\n* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)\n* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)\n* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)\n* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)\n* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)",
"id": "ALSA-2024:0894",
"modified": "2024-02-28T16:26:23Z",
"published": "2024-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0894"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21911"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21929"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21940"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21945"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21980"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-21982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22007"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22008"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22032"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22033"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22038"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22054"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22057"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22058"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22068"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22103"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22111"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22112"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22113"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22114"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-22115"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20960"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20965"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20966"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20967"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20968"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20969"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20970"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20971"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20972"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20973"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20977"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20978"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20981"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20982"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-20985"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188113"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188115"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188116"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188117"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188118"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188119"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188120"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188121"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188122"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188123"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188124"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188125"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188127"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188128"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188129"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188130"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188131"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188132"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224211"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224212"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224213"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224214"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224215"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224216"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224217"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2224222"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245014"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245015"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245017"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245018"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245019"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245020"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245021"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245022"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245023"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245024"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245026"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245027"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245028"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245029"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245030"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245031"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245032"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245033"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245034"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258771"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258772"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258773"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258774"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258775"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258776"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258777"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258778"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258779"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258780"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258781"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258783"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258784"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258785"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258788"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258789"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258791"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258792"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258793"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258794"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0894.html"
}
],
"related": [
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21920",
"CVE-2023-21935",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21982",
"CVE-2023-21940",
"CVE-2023-21947",
"CVE-2023-21962",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21980",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22057",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22092",
"CVE-2023-22103",
"CVE-2023-22110",
"CVE-2023-22112",
"CVE-2023-22033",
"CVE-2023-22046",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22053",
"CVE-2023-22058",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22084",
"CVE-2023-22097",
"CVE-2023-22104",
"CVE-2023-22114",
"CVE-2023-22111",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-20970",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20982",
"CVE-2024-20981",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2022-4899",
"CVE-2023-22038",
"CVE-2023-22048",
"CVE-2023-22113"
],
"summary": "Moderate: mysql:8.0 security update"
}
CERTFR-2023-AVI-0863
Vulnerability from certfr_avis - Published: 2023-10-18 - Updated: 2023-10-18
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.35 et antérieures | ||
| Oracle | MySQL | MySQL Installer versions antérieures à 1.6.8 | ||
| Oracle | MySQL | MySQL Server 5.7.43 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.34 et antérieures | ||
| Oracle | MySQL | MySQL Server version 8.1.0 | ||
| Oracle | MySQL | MySQL Connectors versions 8.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.35 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.1.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Installer versions ant\u00e9rieures \u00e0 1.6.8",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server 5.7.43 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server version 8.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22094"
},
{
"name": "CVE-2023-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
},
{
"name": "CVE-2023-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
},
{
"name": "CVE-2023-22095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22095"
},
{
"name": "CVE-2023-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-22065",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22065"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-22110",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22110"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22113"
},
{
"name": "CVE-2023-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
},
{
"name": "CVE-2023-22102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22102"
},
{
"name": "CVE-2023-22112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22112"
},
{
"name": "CVE-2023-34034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34034"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-34396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2023-22032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2023-22104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22104"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-22078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
},
{
"name": "CVE-2023-22092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22092"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2023-22115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22115"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-22064",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22064"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-22114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-34149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
},
{
"name": "CVE-2023-22059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
},
{
"name": "CVE-2023-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22079"
},
{
"name": "CVE-2023-22111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22111"
},
{
"name": "CVE-2023-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-22068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
}
],
"initial_release_date": "2023-10-18T00:00:00",
"last_revision_date": "2023-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0863",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023verbose du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
]
}
CVE-2023-22113
Vulnerability from fstec - Published: 17.10.2023
VLAI Severity ?
Title
Уязвимость компонента Server: Security: Encryption системы управления базами данных Oracle MySQL Server, связанная с некорректным контролем доступа, позволяющая нарушителю получить доступ к защищаемой информации
Description
Уязвимость компонента Server: Security: Encryption системы управления базами данных Oracle MySQL Server связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к защищаемой информации
Severity ?
Vendor
АО «ИВК», Oracle Corp.
Software Name
Альт 8 СП (запись в едином реестре российских программ №4305), АЛЬТ СП 10, MySQL Server
Software Version
- (Альт 8 СП), - (АЛЬТ СП 10), от 8.0 до 8.0.33 включительно (MySQL Server)
Possible Mitigations
Использование рекомендаций:
https://www.oracle.com/security-alerts/cpuoct2023.html
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Reference
https://vuldb.com/ru/?id.242793
https://www.oracle.com/security-alerts/cpuoct2023.html
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (\u0410\u043b\u044c\u0442 8 \u0421\u041f), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u043e\u0442 8.0 \u0434\u043e 8.0.33 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.oracle.com/security-alerts/cpuoct2023.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07099",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-22113",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041b\u042c\u0422 \u0421\u041f 10, MySQL Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Security: Encryption \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Security: Encryption \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/ru/?id.242793\nhttps://www.oracle.com/security-alerts/cpuoct2023.html\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,7)"
}
GHSA-3VXQ-839X-9F98
Vulnerability from github – Published: 2023-10-18 00:31 – Updated: 2025-06-12 15:31
VLAI?
Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
Severity ?
{
"affected": [],
"aliases": [
"CVE-2023-22113"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-17T22:15:15Z",
"severity": "LOW"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
"id": "GHSA-3vxq-839x-9f98",
"modified": "2025-06-12T15:31:16Z",
"published": "2023-10-18T00:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22113"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231027-0009"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2023-22113
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-22113",
"id": "GSD-2023-22113"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-22113"
],
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
"id": "GSD-2023-22113",
"modified": "2023-12-13T01:20:43.362439Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2023-22113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "*",
"version_value": "8.0.33"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2023.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231027-0009/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98",
"versionEndIncluding": "8.0.33",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Security: Encryption). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 2.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2023-22113",
"lastModified": "2023-12-22T16:40:56.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2023-10-17T22:15:15.873",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
FKIE_CVE-2023-22113
Vulnerability from fkie_nvd - Published: 2023-10-17 22:15 - Updated: 2025-06-12 15:15
Severity ?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql | * | |
| netapp | oncommand_insight | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98",
"versionEndIncluding": "8.0.33",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Security: Encryption). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 2.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2023-22113",
"lastModified": "2025-06-12T15:15:30.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-10-17T22:15:15.873",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…