CVE-2023-21955 in MySQL Server
Summary
by MITRE • 04/18/2023
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2023-21955 represents a critical availability issue within Oracle MySQL Server's partitioning functionality, specifically affecting versions 8.0.32 and earlier. This weakness resides in the Server: Partition component of the MySQL database system, which is designed to manage large datasets through horizontal partitioning techniques. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this flaw to disrupt database operations. The attack vector requires network connectivity and can be executed through multiple protocols, making it particularly concerning for environments where MySQL servers are accessible over networks. The CVSS score of 4.9 reflects the significant availability impact, with a high base score indicating that successful exploitation can lead to complete denial of service conditions that may require system restarts to resolve.
The technical nature of this vulnerability stems from improper handling of partitioned table operations within the MySQL server architecture. When a high privileged attacker exploits this flaw, the system experiences hangs or repeated crashes that effectively render the database server unavailable to legitimate users and applications. This behavior manifests as a complete denial of service condition where database operations cease functioning properly, requiring manual intervention to restore normal operations. The vulnerability's impact extends beyond simple disruption as it can cause cascading failures in applications that depend on database availability, potentially affecting business continuity and data access. The flaw operates at the server level where partitioning logic fails to properly validate or handle specific conditions during table operations, leading to memory corruption or resource exhaustion scenarios.
From an operational perspective, this vulnerability poses significant risks to organizations relying on MySQL for critical data operations. The requirement for high privileged access means that the threat typically comes from internal users or attackers who have already compromised administrative credentials, making detection more challenging. However, the ease of exploitation combined with the availability impact creates a dangerous combination where even limited access can result in substantial operational damage. The multiple protocol support increases the attack surface, as the vulnerability can be exploited through various network interfaces that MySQL typically supports. Organizations with multiple database instances or those using MySQL in high-availability configurations face increased risk, as the denial of service can affect entire database clusters or replication setups.
The vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and reflects patterns commonly found in database server implementations where complex partitioning logic can introduce memory management issues. From an ATT&CK framework perspective, this vulnerability maps to the T1499.004 technique for endpoint denial of service, specifically targeting database services to disrupt availability. The attack scenario typically involves an authenticated user executing specific partitioning commands that trigger the underlying flaw, causing the MySQL server process to become unresponsive or crash repeatedly. Mitigation strategies should include immediate patching of affected MySQL versions, implementation of network segmentation to limit access to database servers, and enhanced monitoring for unusual patterns of database connection failures or process restarts. Additionally, organizations should consider implementing database access controls and privilege management to limit the potential impact of compromised accounts, while maintaining regular backup and recovery procedures to minimize downtime during exploitation attempts.