CVE-2022-21379 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/18/2025
The vulnerability identified as CVE-2022-21379 resides within the MySQL Server's Group Replication Plugin component, representing a significant availability risk for affected systems. This flaw affects MySQL Server versions 8.0.27 and earlier, making it a widespread concern for organizations maintaining legacy database environments. The vulnerability's classification as easily exploitable indicates that attackers with minimal technical expertise can leverage this weakness, particularly when they possess high privileged access and network connectivity. The attack vector through multiple protocols suggests that threat actors can potentially exploit this vulnerability across various network interfaces and communication channels, amplifying the attack surface and making defensive measures more complex. The CVSS 3.1 score of 4.9 reflects a moderate severity level, though the availability impact rating of high creates serious operational concerns for database-dependent applications and services.
The technical nature of this vulnerability involves a flaw within the Group Replication Plugin's implementation that can be triggered by malicious input or specific operational conditions. This plugin serves as a critical component for MySQL's distributed database functionality, enabling multi-master replication and high availability configurations. When exploited, the vulnerability can cause the MySQL Server to enter a state where it becomes unresponsive or experiences repeated crashes, effectively rendering the database service unavailable to legitimate users and applications. The complete denial of service condition represents a severe operational impact, as database servers form the foundation of most enterprise applications, making this vulnerability particularly dangerous in production environments. The vulnerability's design allows for a hang condition or frequently repeatable crash scenarios, indicating that the flaw may not require complex exploitation techniques but rather specific conditions that can be readily reproduced by attackers.
The operational impact of CVE-2022-21379 extends beyond simple service disruption, potentially affecting business continuity and data availability for organizations relying on MySQL Group Replication configurations. System administrators and database operators face the challenge of maintaining service availability when such vulnerabilities exist, as the vulnerability's exploitation can result in complete service outages that may take considerable time to recover from. The high privileged attacker requirement suggests that this vulnerability may be exploited by insiders or attackers who have already gained elevated access to the network, making it particularly concerning for organizations with compromised accounts or insufficient access controls. The availability impact rating of high in the CVSS vector indicates that successful exploitation can lead to complete system unavailability, which can have cascading effects on dependent applications and services, potentially causing widespread operational disruption.
Organizations should prioritize immediate remediation efforts by upgrading to MySQL Server versions 8.0.28 or later, which contain the necessary patches to address this vulnerability. Security teams should conduct comprehensive vulnerability assessments to identify systems running affected MySQL versions and implement network segmentation to limit exposure. The mitigation strategy should include monitoring for anomalous database behavior and implementing intrusion detection systems that can identify potential exploitation attempts. Additionally, organizations should review and strengthen their access control policies to ensure that only authorized personnel have high privileged access to database systems, reducing the risk of insider exploitation. This vulnerability aligns with CWE-119, which addresses improper access to memory, and may be related to ATT&CK technique T1499.004 for network denial of service attacks, highlighting the importance of implementing robust network security controls and database monitoring solutions to prevent successful exploitation attempts.