CVE-2022-21270 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21270 resides within the MySQL Server federated storage engine component, representing a significant availability risk for affected database systems. This flaw specifically impacts MySQL versions 5.7.36 and earlier, as well as 8.0.27 and prior releases, making it a widespread concern across multiple MySQL server versions. The vulnerability operates through the Server: Federated component, which enables MySQL to access data from external databases through a federated table interface, creating a potential attack surface that adversaries can exploit to disrupt database operations.
The technical nature of this vulnerability stems from improper handling of certain operations within the federated storage engine, which allows a high privileged attacker with network access to trigger a condition that results in complete denial of service. The attack requires minimal complexity to execute, as indicated by the CVSS 3.1 Base Score of 4.9 with a low attack complexity rating, making it particularly dangerous as it can be exploited by attackers who already possess elevated privileges within the network environment. The vulnerability specifically targets the federated storage engine's ability to process external database connections, causing the MySQL server to either hang or repeatedly crash in a manner that completely disrupts database availability.
From an operational perspective, successful exploitation of this vulnerability can result in complete denial of service conditions that severely impact database availability and business continuity operations. The impact extends beyond simple service interruption as the vulnerability can cause the MySQL server to become unresponsive or enter a state of frequent crashes that requires manual intervention to restore normal operations. This type of availability impact represents a critical concern for database administrators and system operators who rely on consistent database availability for their applications and services. The vulnerability's classification as a complete DOS condition means that legitimate database users and applications will be unable to access the database services until the server is manually restarted or the underlying issue is resolved.
The security implications of CVE-2022-21270 align with CWE-119, which addresses memory corruption vulnerabilities, and can be categorized under ATT&CK technique T1499.004 for network denial of service attacks. Organizations should implement immediate mitigation strategies including applying the latest security patches from Oracle, disabling the federated storage engine if it is not required for operations, and implementing network segmentation controls to limit access to MySQL server instances. Additionally, monitoring for unusual database connection patterns and implementing intrusion detection systems can help identify potential exploitation attempts. The vulnerability's classification as requiring high privilege access means that organizations should focus on privilege management and access controls as part of their overall security posture to prevent unauthorized access to database systems. This issue highlights the importance of maintaining up-to-date database software and implementing comprehensive security monitoring to detect and respond to potential exploitation attempts before they can cause significant operational disruption.