CVE-2023-22028 in MySQL Server

Summary

by MITRE • 10/25/2023

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 05/18/2025

CVE-2023-22028 resides in the optimizer component of Oracle MySQL Server and affects versions 5.7.43 and earlier as well as 8.0.31 and earlier. The optimizer is the core query-processing stage that decides how MySQL executes each statement, so a flaw there touches every workload the server handles. The vulnerability is classified under CWE-121 (stack-based buffer overflow), indicating that the defect likely involves improper handling of memory during query optimization. The attack vector requires high privileges and network access via multiple protocols, so realistic exploitation comes from an actor who already holds administrative access to the MySQL environment or who can reach an exposed database service over the network.

Technically, the flaw stems from improper memory management in the optimizer module, which selects the most efficient execution plan for a query. When processing certain complex queries or specific query patterns, the optimizer fails to properly validate or bound its memory handling, which can lead to a buffer overflow or memory corruption. The result is a complete denial of service: the MySQL server becomes unresponsive or crashes repeatedly, and manual intervention is needed to restore availability. The CVSS 3.1 base score of 4.9 reflects moderate severity with availability as the only impacted property; because exploitation requires elevated privileges, opportunistic attackers are less likely to abuse it.

Operationally, the impact goes beyond a single service interruption because database servers underpin most enterprise applications and services. A MySQL denial of service translates into data unavailability, application downtime and interrupted business processes. Because the vulnerability is rated easily exploitable, an attacker who already holds high-privileged access can reliably trigger the condition without complex attack chains or specialised tooling. This matters most in environments where many accounts carry elevated database privileges or where network exposure of the server is not tightly controlled. The crash can be triggered repeatedly, so administrators may struggle to keep the service available and may need full server restarts to recover.

Immediate mitigations are to apply the latest Oracle MySQL security releases, which fix the memory-handling issue in the optimizer; to tighten network segmentation and access controls so that high-privileged MySQL accounts are not reachable from untrusted networks; and to monitor database availability and performance so that crashes or hangs are detected promptly. The ATT&CK framework categorizes this vulnerability under technique T1499.004 (Network Denial of Service), reflecting that an attacker may use it to disrupt database services. Database activity monitoring can surface unusual query patterns that may indicate exploitation attempts, and automated failover together with tested backup procedures limits the impact of a crash. Because the flaw could be used within broader campaigns against database infrastructure, regular security assessments and continuous monitoring remain essential to preserving database server integrity and availability.
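As an added defender-side example (not part of the VulDB entry or Oracle's own tooling), the following Python helper classifies `SELECT VERSION()` strings from a host inventory against the affected ranges this advisory states, so patch triage can be automated; the inventory values are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges stated in the advisory: 5.7.43 and prior, 8.0.31 and prior.
AFFECTED_MAX = {
    (5, 7): (5, 7, 43),
    (8, 0): (8, 0, 31),
}

# Matches strings such as "8.0.31-0ubuntu0.22.04.1" or "5.7.42-log" as returned
# by SELECT VERSION(); group 4 captures the distribution/build suffix if any.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.+]([0-9A-Za-z.\-+]*))?$")


def parse_mysql_version(version: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Return ((major, minor, patch), suffix), or None if the string is not parseable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    triple = tuple(int(x) for x in m.group(1, 2, 3))
    return triple, (m.group(4) or "")


def is_affected(version: str) -> str:
    """Classify one version string: affected / not_affected / not_listed / unknown."""
    parsed = parse_mysql_version(version)
    if parsed is None:
        return "unknown"            # unparseable: check the host manually
    triple, suffix = parsed
    # MariaDB uses its own numbering; this advisory covers Oracle MySQL only.
    if "mariadb" in suffix.lower():
        return "unknown"
    bound = AFFECTED_MAX.get(triple[:2])
    if bound is None:
        return "not_listed"         # series outside the advisory (e.g. 8.1.x, EOL 5.6)
    return "affected" if triple <= bound else "not_affected"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to its classification for CVE-2023-22028."""
    return {host: is_affected(v) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    sample = {"db-01": "8.0.31-0ubuntu0.22.04.1", "db-02": "8.0.34",
              "db-03": "5.7.43-log", "db-04": "10.6.12-MariaDB"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```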

Responsible

Oracle

Reservation

12/17/2022

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00891

KEV

no

Activities

very low
