CVE-2022-21608 in MySQL Server
Summary
by MITRE • 10/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2022-21608 resides within the MySQL Server optimizer component of Oracle MySQL database systems, representing a significant availability risk that affects multiple version ranges including 5.7.39 and earlier releases, as well as 8.0.30 and prior versions. This flaw operates at the core of MySQL's query processing mechanism where the optimizer component is responsible for determining the most efficient execution plan for database queries. The vulnerability specifically manifests when the optimizer encounters certain complex query patterns that trigger an internal processing error, leading to system instability. The attack vector requires an attacker with high privileges and network access through multiple protocols, indicating that this vulnerability is not easily exploitable by casual threat actors but poses a serious risk to organizations where privileged database access is compromised.
The technical nature of this vulnerability stems from improper handling of specific query execution paths within the MySQL optimizer, where certain combinations of query constructs cause the system to enter an infinite loop or resource exhaustion state. This type of flaw falls under the CWE classification of CWE-787: Out-of-bounds Write, though more specifically aligns with improper resource management and control flow issues within database query optimization engines. The vulnerability's impact is categorized as a complete denial of service condition where the MySQL server becomes unresponsive or repeatedly crashes, effectively rendering the database service unavailable to legitimate users and applications. The CVSS 3.1 score of 4.9 reflects the moderate severity of the availability impact, with the high privilege requirement and network access prerequisites limiting the attack surface but not eliminating the risk entirely.
From an operational perspective, this vulnerability presents a substantial risk to database availability and business continuity, particularly in environments where MySQL serves as a critical backend component for applications and services. Organizations running affected MySQL versions face potential downtime that could span from minutes to hours depending on the frequency of the triggering queries and the recovery mechanisms in place. The vulnerability's exploitation results in complete system unavailability rather than data compromise, making it particularly dangerous for mission-critical applications that depend on continuous database access. The fact that this affects both MySQL 5.7 and 8.0 version streams indicates a widespread impact across the MySQL ecosystem, requiring comprehensive patch management across all affected systems. Security teams must also consider the potential for this vulnerability to be leveraged as part of broader attack campaigns, where initial access through other means could be followed by exploitation of this availability flaw to maximize disruption.
Mitigation strategies for CVE-2022-21608 primarily focus on immediate patching of affected MySQL installations with the vendor-provided security updates. Organizations should prioritize updating their MySQL servers to versions that contain the fix for this optimizer-related vulnerability, typically found in MySQL 5.7.40 and 8.0.31 releases. Network segmentation and access controls should be reinforced to limit the attack surface, ensuring that only authorized personnel have high-privilege access to database systems. Monitoring systems should be enhanced to detect unusual query patterns that might indicate attempts to trigger this vulnerability, while implementing automated alerting for database service disruptions. Additionally, database administrators should consider implementing query execution limits and resource controls to prevent a single malicious query from consuming excessive system resources. The ATT&CK framework classification for this vulnerability would place it under the T1499.004 technique for Network Denial of Service, with potential for lateral movement if the attacker gains access through other vectors. Regular vulnerability assessments and penetration testing should be conducted to identify and remediate similar issues within the database infrastructure, while maintaining up-to-date security baselines and configuration management practices.