CVE-2022-21264 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21264 resides within the MySQL Server optimizer component of Oracle MySQL, affecting versions 8.0.27 and earlier. This issue represents a significant availability risk that can be exploited by attackers with high privileges and network access through multiple protocols. The vulnerability classification as easily exploitable indicates that malicious actors with appropriate access levels can leverage this flaw without requiring extensive technical expertise or specialized tools. The CVSS score of 4.9 reflects the moderate severity impact on system availability, with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H clearly demonstrating that network-based attacks requiring high privileges can lead to complete denial of service conditions.
The technical nature of this vulnerability stems from flaws within the query optimizer functionality of MySQL Server, which is responsible for determining the most efficient execution plan for database queries. When specific conditions are met, the optimizer fails to properly handle certain query structures or data processing scenarios, leading to system instability. This malfunction can manifest as either system hangs that require manual intervention or repeated crashes that can be exploited to maintain persistent denial of service conditions. The vulnerability's impact on the server's availability is particularly concerning because database servers form the foundation of most enterprise applications, making any disruption to their operation potentially catastrophic for business operations and data accessibility.
The operational implications of CVE-2022-21264 extend beyond simple service disruption, as it can compromise the entire database infrastructure's reliability and performance. Organizations running affected MySQL versions face the risk of extended downtime during which critical business applications become inaccessible, potentially resulting in revenue loss, customer dissatisfaction, and operational disruption. The requirement for high-privileged access means that this vulnerability is more likely to be exploited by internal threats or attackers who have already gained administrative credentials, making it particularly dangerous in environments where privilege escalation is possible. Security teams must consider this vulnerability as part of their broader threat landscape, especially in scenarios where database administrators have elevated access rights and where network monitoring may not adequately detect the specific patterns of exploitation.
Mitigation strategies for CVE-2022-21264 should prioritize immediate patching of affected MySQL Server installations to version 8.0.28 or later, which contains the necessary fixes for the optimizer-related vulnerability. Organizations should implement comprehensive network segmentation and access controls to limit the potential attack surface, ensuring that only authorized personnel have high-privilege access to database servers. Monitoring systems should be enhanced to detect unusual patterns of database server behavior, including frequent restarts or hangs that may indicate exploitation attempts. The vulnerability aligns with CWE-121, which addresses stack-based buffer overflow conditions, and may also relate to ATT&CK technique T1499.004 for network denial of service attacks, emphasizing the importance of implementing robust database security controls. Additionally, organizations should conduct thorough security audits of their database environments to identify any other potential vulnerabilities that could be leveraged in conjunction with this flaw to maximize the overall security posture.