CVE-2023-21977 in MySQL Server
Summary
by MITRE • 04/18/2023
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2023-21977 resides within the MySQL Server optimizer component of Oracle MySQL versions 8.0.32 and earlier. This represents a significant security weakness that affects the core database engine functionality, specifically targeting the query optimization processes that MySQL employs to execute database operations. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this flaw to compromise database server availability. The CVSS score of 4.9 reflects the moderate to high impact on system availability, with the attack vector requiring network access and high privileges while posing no user interaction requirements. This vulnerability specifically targets the server's optimizer module, which is responsible for determining the most efficient execution plan for database queries.
The technical flaw manifests as a condition that allows an authenticated attacker with elevated privileges to trigger a denial of service scenario within the MySQL server. When exploited, this vulnerability causes the MySQL server to either hang indefinitely or experience frequent crashes that can be repeatedly triggered, effectively rendering the database service unavailable to legitimate users. The complete denial of service impact means that database operations become impossible until the server is manually restarted or the underlying issue is resolved through patching. This type of vulnerability typically involves memory corruption or improper handling of specific query execution paths within the optimizer that causes the server process to become unstable. The vulnerability affects multiple network protocols, indicating that it can be exploited across various connection methods including TCP/IP, Unix sockets, and other supported communication channels.
The operational impact of this vulnerability extends beyond simple service disruption to potentially affect business continuity and data availability for organizations relying on MySQL database services. When an attacker successfully exploits this vulnerability, they can cause repeated server crashes that may require significant downtime for recovery operations, potentially leading to extended periods where database services remain unavailable. The high privilege requirement suggests that attackers would need to have already gained some level of access to the database system, but once achieved, they can cause substantial disruption to database operations. Organizations may experience cascading effects from this vulnerability, particularly in environments where database availability is critical for application functionality, as the repeated crashes can affect multiple dependent systems and services.
Mitigation strategies for CVE-2023-21977 should prioritize immediate patching of affected MySQL server installations to the latest supported versions that contain fixes for this optimizer-related vulnerability. System administrators should ensure that all MySQL instances running version 8.0.32 or earlier are updated promptly to prevent exploitation. Network segmentation and access controls should be maintained to limit the attack surface, ensuring that only authorized personnel have high-privileged access to database servers. Monitoring systems should be enhanced to detect unusual patterns of server crashes or hangs that might indicate exploitation attempts. Organizations should also implement regular vulnerability assessments and penetration testing to identify similar weaknesses in their database infrastructure. The vulnerability aligns with CWE-121, which addresses stack-based buffer overflow conditions, and represents a potential entry point for attackers following the ATT&CK technique of privilege escalation and denial of service. Regular security audits and patch management procedures should be strengthened to address similar optimizer-related vulnerabilities that may exist in database management systems.