Oracle MySQL Server up to 5.7.37/8.0.28 InnoDB denial of service

Summaryinfo

A vulnerability categorized as problematic has been discovered in Oracle MySQL Server up to 5.7.37/8.0.28. This impacts an unknown function of the component InnoDB. The manipulation results in denial of service. This vulnerability was named CVE-2022-21417. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Oracle MySQL Server up to 5.7.37/8.0.28 (Database Software). Affected is an unknown functionality of the component InnoDB. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability.

The weakness was presented 04/19/2022 as Oracle Critical Patch Update Advisory - April 2022. The advisory is shared for download at oracle.com. This vulnerability is traded as CVE-2022-21417. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499.

The vulnerability scanner Nessus provides a plugin with the ID 236677 (Alibaba Cloud Linux 3 : 0081: mysql:8.0 (ALINUX3-SA-2023:0081)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (236677). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Database Software

Vendor

• Oracle

Name

• MySQL Server

Version

• 5.7.0
• 5.7.1
• 5.7.2
• 5.7.3
• 5.7.4
• 5.7.5
• 5.7.6
• 5.7.7
• 5.7.8
• 5.7.9
• 5.7.10
• 5.7.11
• 5.7.12
• 5.7.13
• 5.7.14
• 5.7.15
• 5.7.16
• 5.7.17
• 5.7.18
• 5.7.19
• 5.7.20
• 5.7.21
• 5.7.22
• 5.7.23
• 5.7.24
• 5.7.25
• 5.7.26
• 5.7.27
• 5.7.28
• 5.7.29
• 5.7.30
• 5.7.31
• 5.7.32
• 5.7.33
• 5.7.34
• 5.7.35
• 5.7.36
• 5.7.37
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.0.20
• 8.0.21
• 8.0.22
• 8.0.23
• 8.0.24
• 8.0.25
• 8.0.26
• 8.0.27
• 8.0.28

License

• open-source

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion