CVE-2022-21351 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21351 resides within the MySQL Server optimizer component of Oracle MySQL, affecting versions 8.0.27 and earlier. This flaw represents a significant security concern that exploits the database server's query optimization mechanisms to execute malicious operations. The vulnerability operates through multiple network protocols, making it particularly dangerous as it can be leveraged by attackers with minimal privileges who have network connectivity to the target system. The affected optimizer component processes database queries and execution plans, creating an attack surface where malicious input can manipulate the server's behavior in unexpected ways.
The technical exploitation of this vulnerability occurs when a low-privileged attacker crafts specific database queries that trigger malformed optimization paths within the MySQL server. This flaw allows for the manipulation of the server's internal state through carefully constructed inputs that bypass normal access controls. The vulnerability's classification as easily exploitable indicates that the attack vector requires minimal technical sophistication, making it particularly concerning for production environments where database servers are frequently accessed by various user accounts with different privilege levels. The attack can be executed over multiple protocols including TCP/IP connections, which means that network-based attacks can target the server regardless of the specific communication method being used.
The operational impact of CVE-2022-21351 extends beyond simple denial of service conditions to include potential data integrity compromise. Successful exploitation can result in complete denial of service scenarios where the MySQL server becomes unresponsive or crashes repeatedly, effectively rendering database services unavailable to legitimate users. Additionally, the vulnerability enables unauthorized modification of database contents, allowing attackers to perform insert, update, or delete operations on specific portions of the database that should otherwise be protected. This dual impact on availability and integrity creates a particularly dangerous threat landscape where both service disruption and data corruption can occur simultaneously, with the potential for significant business disruption and regulatory compliance issues.
The CVSS 3.1 score of 7.1 reflects the severity of this vulnerability with a base score of 7.1 indicating high risk. The vector assessment shows AV:N (network access required), AC:L (low attack complexity), PR:L (low privilege required), and UI:N (no user interaction needed), making this vulnerability particularly attractive to attackers who may not have extensive technical capabilities. The impact assessment reveals INT: L (low integrity impact) and AV: H (high availability impact), demonstrating that while direct data modification may be limited, the availability consequences are severe enough to cause complete service disruption. This vulnerability aligns with CWE-121, which addresses stack-based buffer overflow conditions, and maps to ATT&CK technique T1499.004 for network denial of service attacks, representing a clear pathway for adversaries to establish persistent access and cause operational damage.
Organizations should immediately implement mitigation strategies including applying the relevant Oracle Critical Patch Update (CPU) that addresses this vulnerability, as well as implementing network segmentation to limit access to MySQL servers. Database access controls should be reviewed and strengthened to ensure that users have only the minimum necessary privileges, and network monitoring should be enhanced to detect anomalous database query patterns. Additionally, implementing database activity monitoring solutions can help identify potential exploitation attempts before they result in successful attacks, while regular vulnerability scanning should be conducted to ensure that all systems remain protected against similar threats. The combination of patch management, access control hardening, and monitoring solutions provides a comprehensive defense strategy against this particular vulnerability and similar optimizer-based threats.