CVE-2023-21917 in MySQL Serverinfo

Summary

by MITRE • 04/18/2023

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/18/2025

The vulnerability identified as CVE-2023-21917 resides within the MySQL Server optimizer component of Oracle MySQL, affecting versions 8.0.30 and earlier. This flaw represents a significant security concern as it operates within the core database engine's query optimization logic, which is critical for database performance and stability. The vulnerability is classified as easily exploitable, indicating that attackers with minimal technical expertise can leverage it effectively. The attack vector requires network access through multiple protocols, suggesting that the vulnerability could be exploited from external networks, making it particularly dangerous for publicly accessible database servers. The high privilege requirement means that attackers must already possess elevated credentials to exploit this vulnerability, though this does not diminish its potential impact on system availability.

The technical nature of this vulnerability manifests as a flaw in the server's optimizer module that can be triggered through specific query patterns or database operations. When exploited, the vulnerability enables attackers to cause either a complete denial of service condition or frequently repeatable crashes within the MySQL Server process. This type of vulnerability directly impacts the availability aspect of the CIA triad, as it can render database services completely inaccessible to legitimate users and applications. The CVSS 3.1 scoring of 4.9 reflects the moderate severity of the availability impact, though the potential for complete system unavailability makes this a critical concern for database administrators. The vulnerability's classification under the availability impact category aligns with CWE-119, which deals with memory corruption issues that can lead to system instability and service disruption. The attack scenario involves an authenticated high-privileged user leveraging network connectivity to send malicious queries or operations that trigger the optimizer flaw.

The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise entire database infrastructures, especially in production environments where database availability is critical for business operations. Organizations running affected MySQL versions face the risk of extended downtime, data access interruptions, and potential loss of business continuity if the vulnerability is successfully exploited. The repeated crash scenario indicates that even a single exploitation attempt could cause multiple system failures, compounding the operational disruption. From an adversarial perspective, this vulnerability aligns with ATT&CK technique T1499.004, which covers network denial of service attacks targeting database systems. The vulnerability's impact is particularly concerning for enterprise environments where MySQL servers handle critical business data and applications, as it could be leveraged to disrupt operations without necessarily requiring advanced exploitation techniques or deep system knowledge.

Organizations should immediately implement mitigations by upgrading to MySQL Server versions 8.0.31 or later, which contain patches addressing this specific optimizer flaw. Network segmentation and access controls should be strengthened to limit potential attack surfaces, particularly by restricting network access to database servers and implementing robust authentication mechanisms. Monitoring systems should be enhanced to detect unusual query patterns or service disruptions that might indicate exploitation attempts. Additionally, implementing database activity monitoring and anomaly detection can help identify potential exploitation attempts before they cause significant damage. Regular vulnerability assessments and penetration testing should be conducted to identify similar weaknesses in database configurations and ensure that security measures remain effective against evolving threats. The vulnerability serves as a reminder of the critical importance of keeping database software updated and maintaining comprehensive security monitoring for mission-critical systems.

Responsible

Oracle

Reservation

12/17/2022

Disclosure

04/18/2023

Moderation

accepted

CPE

ready

EPSS

0.01116

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!