CVE-2022-21378 in MySQL Serverinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 05/18/2025

The vulnerability identified as CVE-2022-21378 represents a significant security flaw within Oracle MySQL Server's optimizer component that affects versions 8.0.27 and earlier. This issue falls under the broader category of database server vulnerabilities and specifically targets the query optimization engine that processes SQL statements. The vulnerability is classified as easily exploitable, meaning that attackers with minimal technical expertise can leverage it to compromise affected systems, particularly when they possess high-privileged network access through multiple protocols.

The technical nature of this vulnerability stems from improper handling within the MySQL Server's optimizer module, which is responsible for determining the most efficient execution plan for database queries. When maliciously crafted queries are processed through this component, the optimizer fails to properly validate input parameters, leading to potential memory corruption or resource exhaustion conditions. This flaw enables attackers to manipulate the database server's execution flow in ways that can cause system instability and unauthorized data manipulation.

From an operational impact perspective, the vulnerability presents a dual threat to database security and availability. The primary risk involves complete denial of service conditions where attackers can cause the MySQL Server to hang or crash repeatedly, effectively rendering the database service unavailable to legitimate users. Additionally, the vulnerability allows for unauthorized modification of data within the database, enabling attackers to perform unauthorized update, insert, or delete operations on specific database components. The CVSS 3.1 score of 5.5 indicates a moderate severity level with significant impacts to integrity and availability, making this vulnerability particularly concerning for production environments.

The attack vector for this vulnerability requires an attacker to possess high-privileged network access to the MySQL server, which typically means they already have some level of legitimate access to the database environment. This could include legitimate database users with elevated privileges or attackers who have gained access through other means such as network infiltration or credential compromise. The multiple protocol access capability means that attackers can potentially exploit this vulnerability through various network interfaces that MySQL supports, increasing the attack surface and making detection more challenging.

Organizations should prioritize immediate remediation of this vulnerability by upgrading to MySQL Server version 8.0.28 or later, which contains the necessary patches to address the optimizer component flaw. The vulnerability aligns with CWE-121, which describes heap-based buffer overflow conditions, and represents a classic example of how improper input validation in database query processing can lead to system instability. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and denial of service, potentially enabling attackers to move laterally within database environments and disrupt business operations. Network segmentation and access controls should be implemented to limit exposure, while regular monitoring of database server processes can help detect unusual behavior patterns that might indicate exploitation attempts.

The broader implications of this vulnerability extend beyond immediate system compromise, as it demonstrates the critical importance of maintaining up-to-date database server software and implementing comprehensive security monitoring strategies. Database administrators should conduct thorough vulnerability assessments of their MySQL environments to identify and remediate similar issues, while also establishing incident response procedures specifically designed for database security incidents. Regular security audits of database access controls and query execution patterns can help detect anomalous behavior that might indicate exploitation attempts, providing early warning capabilities that are essential for protecting sensitive data assets in enterprise environments.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01223

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!