CVE-2022-21352 in MySQL Serverinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/17/2025

The vulnerability identified as CVE-2022-21352 resides within the InnoDB storage engine component of Oracle MySQL Server affecting versions 8.0.26 and earlier. This represents a significant security flaw that demonstrates how database infrastructure components can be exploited to undermine system integrity and availability. The vulnerability operates at a fundamental level within the database engine's transaction processing and data management capabilities, creating potential pathways for malicious actors to manipulate critical system resources.

The technical nature of this vulnerability manifests as a flaw in the InnoDB storage engine's handling of specific database operations that can be triggered through network-based attacks. The attack vector requires an attacker with high privileges and network access via multiple protocols, indicating that the vulnerability may be exploited from external networks or through compromised internal systems. This characteristic aligns with CWE-284 (Improper Access Control) and represents a privilege escalation scenario where attackers can leverage existing access to perform unauthorized actions within the database environment. The CVSS score of 5.9 reflects the moderate to high severity of impact, particularly emphasizing the integrity and availability aspects of the compromise.

The operational impact of this vulnerability extends beyond simple data manipulation to include complete denial of service conditions that can render database systems unusable. Successful exploitation enables attackers to create, delete, or modify critical database content, potentially leading to data corruption or complete data loss. The ability to cause frequent crashes or hangs represents a serious availability threat that can disrupt business operations and compromise the reliability of database-dependent applications. This vulnerability particularly affects organizations relying on MySQL for critical data processing and storage operations, where database availability and data integrity are paramount to business continuity.

Mitigation strategies for CVE-2022-21352 should prioritize immediate patching of affected MySQL Server installations to version 8.0.27 or later, which contains the necessary security fixes. Organizations should implement network segmentation and access controls to limit exposure of database systems to untrusted networks, reducing the attack surface available to potential adversaries. The principle of least privilege should be enforced rigorously, ensuring that database accounts have minimal necessary permissions and that administrative access is tightly controlled through secure authentication mechanisms. Network monitoring and intrusion detection systems should be configured to detect anomalous database access patterns that might indicate exploitation attempts. Additionally, regular security assessments and vulnerability scanning should be conducted to identify and remediate similar issues within the broader database infrastructure ecosystem, aligning with ATT&CK framework tactics related to privilege escalation and defense evasion.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01296

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!