CVE-2023-21966 in MySQL Server
Summary
by MITRE • 04/18/2023
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2023-21966 represents a critical availability issue within Oracle MySQL Server's JSON processing functionality. This flaw exists in the server component responsible for handling JSON data structures and affects all MySQL 8.0 versions up to and including 8.0.32. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this weakness to disrupt MySQL server operations. The attack vector requires network connectivity and can be executed through multiple protocols, making it particularly concerning for environments where MySQL servers are accessible over networks. The CVSS score of 4.9 reflects the significant availability impact, with a high severity rating for the potential to cause complete denial of service conditions.
The technical nature of this vulnerability stems from improper handling of specific JSON data structures within the MySQL server's processing engine. When maliciously crafted JSON inputs are processed by the server, the flaw triggers an internal error condition that leads to server instability. This instability manifests as either complete server hangs or repeated crash scenarios that can be repeatedly triggered by an attacker. The vulnerability's exploitation does not require elevated privileges beyond what is already available to authenticated users with sufficient access rights. The JSON processing component appears to lack proper input validation and error handling mechanisms when encountering certain malformed or specially constructed JSON data patterns that cause memory corruption or state management failures.
From an operational standpoint, the impact of this vulnerability extends beyond simple service disruption to potentially compromising entire database infrastructure availability. Organizations running MySQL 8.0.32 or earlier versions face significant risk of service interruptions that could affect business-critical applications relying on database connectivity. The vulnerability's ability to cause repeated crashes means that even brief exploitation attempts can lead to sustained service degradation. The complete denial of service condition affects all database operations including read, write, and administrative functions, potentially causing cascading failures in applications that depend on MySQL for data persistence. Recovery from such incidents typically requires manual intervention including server restarts and potential data recovery procedures.
Security professionals should prioritize immediate patching of affected MySQL 8.0 installations to address this vulnerability. Oracle has released patches for this issue in subsequent releases, making it essential for organizations to upgrade to MySQL 8.0.33 or later versions. Organizations unable to immediately upgrade should consider implementing network segmentation and access controls to limit exposure of MySQL servers to privileged attackers. The vulnerability aligns with CWE-121 Stack-based Buffer Overflow and CWE-122 Heap-based Buffer Overflow categories, representing memory corruption issues that can lead to denial of service conditions. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 Compromise of Service Availability and T1566.001 Phishing via Social Media, as attackers may use social engineering to gain the necessary privileges for exploitation. Network monitoring should be enhanced to detect unusual patterns of JSON query processing that might indicate exploitation attempts, and regular security assessments should verify that all MySQL instances have been properly updated to prevent potential compromise.