CVE-2022-21249 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21249 represents a significant security weakness within Oracle MySQL Server's Data Definition Language processing subsystem. This flaw exists in the server component responsible for handling database schema modifications and is particularly concerning as it affects MySQL versions 8.0.27 and earlier, indicating a widespread exposure across a substantial portion of the MySQL user base. The vulnerability's classification as easily exploitable suggests that attackers with minimal technical expertise can leverage this weakness, making it particularly dangerous in production environments where database systems face constant network threats. The attack vector requires only network access through multiple protocols, eliminating the need for physical access or complex attack chains that would typically be required for similar vulnerabilities.
The technical nature of this vulnerability stems from insufficient input validation within the DDL processing mechanism of MySQL Server, creating an avenue for malicious actors to manipulate database schema operations. This flaw specifically targets the server's ability to handle certain data definition language commands, potentially allowing an attacker with high privileges to inject malformed data or commands that can disrupt normal database operations. The vulnerability's impact is categorized as partial denial of service, meaning that successful exploitation can compromise the availability of database services without necessarily leading to complete system compromise or data theft. The CVSS 3.1 scoring system assigns a base score of 2.7, which reflects the relatively low severity impact but significant availability implications of this flaw.
From an operational standpoint, this vulnerability poses a substantial risk to organizations relying on MySQL Server for critical database operations, particularly in environments where network access is not strictly controlled or where privilege escalation has occurred. The requirement for high privileged access means that this vulnerability is typically exploitable only by users who already have significant database permissions, but such access is often present in development environments or when administrative accounts are compromised. The partial denial of service impact can severely disrupt business operations, especially in scenarios where database availability is critical for application functionality, potentially leading to cascading failures in dependent systems. Organizations with legacy MySQL installations may find themselves particularly vulnerable due to the widespread use of affected versions.
Security professionals should prioritize patch management and immediate deployment of Oracle's security updates to address this vulnerability, as the ease of exploitation makes it a prime target for automated attacks. The vulnerability aligns with CWE-129, which covers improper validation of input boundaries, and may also relate to ATT&CK technique T1070.006 for 'Indicator Removal on Host: File Deletion' if attackers use this vulnerability to disrupt database operations. Organizations should implement network segmentation and access controls to limit exposure, while monitoring for unusual database activity that might indicate exploitation attempts. Additionally, regular security assessments should include verification of MySQL server versions and patch status to ensure comprehensive protection against this and similar vulnerabilities in the database infrastructure.