CVE-2023-22084

CVE-2023-22084

Name

CVE-2023-22084

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://www.oracle.com/security-alerts/cpuoct2023.html
MISC	https://security.netapp.com/advisory/ntap-20231027-0009/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html

Type

URI

MISC

https://www.oracle.com/security-alerts/cpuoct2023.html

MISC

https://security.netapp.com/advisory/ntap-20231027-0009/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/

secalert_us@oracle.com

https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oracle:mysql:8.1.0:::::::*`	mysql	== None	== 8.1.0
`cpe:2.3:a:oracle:mysql::::::::`	mysql	>= 8.0	<= 8.0.34
`cpe:2.3:a:oracle:mysql::::::::`	mysql	>= 5.7.0	<= 5.7.43

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*

mysql

== None

== 8.1.0

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

mysql

>= 8.0

<= 8.0.34

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

mysql

>= 5.7.0

<= 5.7.43

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
mariadb	3.19-main	10.11.6-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
mariadb	3.17-main	10.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
mariadb	3.16-main	10.6.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

mariadb

3.19-main

10.11.6-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

mariadb

3.17-main