CVE-2022-21370 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21370 represents a critical availability threat within Oracle MySQL Server's optimizer component, specifically affecting versions 8.0.27 and earlier. This flaw resides in the server's query optimization logic where improper handling of certain complex query structures can lead to system instability. The vulnerability's classification as easily exploitable indicates that attackers with high privileged access and network connectivity can leverage this weakness to disrupt MySQL server operations. The CVSS score of 4.9 reflects the significant availability impact, with the attack vector being network-based and requiring only low complexity to execute. This vulnerability demonstrates how seemingly routine database operations can be weaponized to create persistent denial of service conditions that severely impact database availability and system reliability.
The technical implementation of this vulnerability stems from improper memory management and resource handling within the MySQL Server's optimizer module. When processing specific combinations of SQL queries involving complex joins, subqueries, or aggregate functions, the optimizer fails to properly manage memory allocations and execution paths, leading to memory corruption or resource exhaustion conditions. The flaw manifests as the server entering a state where it becomes unresponsive or crashes repeatedly, effectively rendering the database service unavailable to legitimate users. This behavior aligns with CWE-121, which describes stack-based buffer overflow conditions, and may also relate to CWE-787, representing out-of-bounds write vulnerabilities that can cause system instability. The vulnerability's impact is amplified because the optimizer component is invoked during routine query processing, making the attack surface broad and difficult to predict.
Operational consequences of this vulnerability extend beyond simple service disruption to encompass broader business continuity implications. Organizations relying on MySQL databases for critical operations face potential downtime that can cascade across dependent applications and services. The vulnerability's ability to cause complete denial of service means that database transactions stall entirely, preventing any data access or modification operations. For enterprise environments, this translates to potential revenue loss, customer service degradation, and increased incident response costs. The high privilege requirement for exploitation suggests that attackers likely already have significant access to the system, making this vulnerability particularly dangerous in environments where administrative access is not properly segmented. From an ATT&CK framework perspective, this vulnerability maps to T1499.004, specifically targeting service stoppage and availability denial, while also relating to T1566.001 through network-based exploitation techniques that leverage existing privileged access.
Mitigation strategies for CVE-2022-21370 should prioritize immediate patching of affected MySQL Server instances to version 8.0.28 or later, where Oracle has implemented fixes addressing the optimizer memory management issues. Organizations should also implement network segmentation to limit access to MySQL servers, ensuring that only authorized administrative users can connect directly to database services. Monitoring systems should be enhanced to detect unusual patterns in query execution that might indicate exploitation attempts, including tracking of query execution times and resource utilization spikes. Database administrators should consider implementing query timeouts and resource limits to prevent single queries from consuming excessive system resources. Additionally, regular backup and recovery procedures should be validated to ensure rapid restoration capabilities in case of successful exploitation. The vulnerability's classification as a high-impact availability threat necessitates comprehensive incident response planning that includes database service restoration protocols and communication procedures for affected stakeholders. Organizations should also conduct vulnerability assessments to identify other potential optimizer-related issues and establish monitoring protocols to detect similar memory management flaws in other database components.