CVE-2022-21617 in MySQL Server
Summary
by MITRE • 10/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2022-21617 represents a significant availability risk within Oracle MySQL Server implementations, specifically within the Server: Connection Handling component. This flaw affects critical versions including all 5.7.x releases up to 5.7.39 and 8.0.x releases up to 8.0.30, making it a widespread concern across multiple MySQL server generations. The vulnerability operates at the foundational level of connection management, where an attacker with high privileges and network access can exploit this weakness to disrupt service availability. The CVSS score of 4.9 indicates a moderate to high severity threat that primarily targets system availability rather than confidentiality or integrity.
The technical nature of this vulnerability stems from improper handling of connection-related operations within the MySQL server architecture. When exploited, the flaw allows a privileged attacker to craft specific network requests that trigger a condition causing the MySQL server to hang or repeatedly crash, effectively rendering the database service unavailable to legitimate users. This type of vulnerability typically involves memory management issues or improper state handling during connection processing that can be manipulated through carefully constructed protocol interactions. The attack vector requires network access and assumes the attacker already possesses high privileges, suggesting this vulnerability is more likely to be exploited by internal threat actors or those who have already gained elevated access to the system.
The operational impact of this vulnerability extends beyond simple service disruption, as it can lead to complete denial of service conditions that may require manual intervention to restore normal operations. Organizations relying on MySQL for critical database operations face potential business disruption when this vulnerability is successfully exploited, particularly in environments where database availability is paramount for application functionality. The vulnerability's classification as easily exploitable means that skilled attackers can leverage it without requiring extensive technical expertise or specialized tools. This characteristic increases the risk profile significantly, as it reduces the barrier to successful exploitation and makes the vulnerability attractive to a broader range of threat actors.
Mitigation strategies for CVE-2022-21617 should prioritize immediate patching of affected MySQL server versions to the latest available releases that contain the necessary security fixes. Organizations should also implement network segmentation and access controls to limit the attack surface, ensuring that only authorized entities can access MySQL server components. Monitoring systems should be enhanced to detect unusual connection patterns or service disruptions that may indicate exploitation attempts. Additionally, implementing intrusion detection systems that can identify malicious connection handling patterns and maintaining regular backup and recovery procedures will help minimize the impact should exploitation occur. This vulnerability aligns with CWE-121 and CWE-122 categories related to buffer overflow conditions and memory management issues, while also mapping to ATT&CK techniques involving privilege escalation and denial of service operations.