PT-2023-15909 · Oracle+10 · Mysql Server+9
Yiyuaner
·
Published
2022-07-17
·
Updated
2025-08-19
·
CVE-2022-4899
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
zstd version 1.4.10
MySQL Server versions 8.0.33 and earlier
Description
A vulnerability was found in the zstd command line tool: an attacker who can pass an empty string as a command line argument causes a buffer overrun. Because MySQL Server builds in zstd, the same flaw is reachable there; it can be exploited by a high-privileged attacker with network access via multiple protocols, and a successful attack results in the unauthorized ability to cause a hang or a frequently repeatable crash (complete DoS) of MySQL Server.
Recommendations
For zstd version 1.4.10, consider disabling the command line tool until a patched build is deployed.
For MySQL Server versions 8.0.33 and earlier, update to a version later than 8.0.33, which is the last release listed as affected.
As a temporary workaround, restrict who can invoke the zstd command line tool (and with which arguments) to minimize the risk of exploitation.
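The two version thresholds above are the only concrete facts this advisory gives, so the practical first step is to check installed versions against them. The script below is an added example, not code from the advisory, from Oracle or from the zstd project. It parses the version token out of the output of `mysqld --version` and `zstd --version`, flags MySQL Server at 8.0.33 or earlier, and flags zstd only at the literal version 1.4.10 because that is the only zstd version the page names; the affected zstd range should be confirmed against the upstream fix before relying on that match. The `MYSQL_SAMPLE` and `ZSTD_SAMPLE` lines are constructed inputs in the shape those tools print, so the checks run offline.

```shell
#!/bin/sh
# Added example (not the advisory's own tooling): check reported versions
# against the ranges this page lists as affected.
#   MySQL Server: 8.0.33 and earlier
#   zstd:         1.4.10 (the only version the page names)

# Constructed sample outputs, in the format mysqld --version and
# zstd --version print; they are not captured from a real host.
MYSQL_SAMPLE='mysqld  Ver 8.0.33 for Linux on x86_64 (MySQL Community Server - GPL)'
ZSTD_SAMPLE='*** zstd command line interface 64-bits v1.4.10, by Yann Collet ***'

# Pull the first dotted x.y.z token out of arbitrary tool output.
# Prints nothing when no such token exists.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1
}

# Turn a dotted version into a single integer so shell integer comparison
# works: 8.0.33 -> 8000033, 1.4.10 -> 1004010. Missing components count as 0.
ver_key() {
    printf '%s' "$1" | awk -F. '{ printf "%d", $1 * 1000000 + $2 * 1000 + $3 }'
}

# True (exit 0) when the reported MySQL Server version is 8.0.33 or earlier.
# Fails (exit 1) when no version can be found in the input.
mysql_affected() {
    v=$(extract_version "$1")
    [ -n "$v" ] && [ "$(ver_key "$v")" -le "$(ver_key 8.0.33)" ]
}

# True (exit 0) only for the zstd version the advisory names. This is an
# exact match by design; widen it once the fixed upstream range is known.
zstd_affected() {
    v=$(extract_version "$1")
    [ "$v" = "1.4.10" ]
}

# Live check against the installed tools, skipped when they are absent.
if command -v mysqld >/dev/null 2>&1 && mysql_affected "$(mysqld --version 2>/dev/null)"; then
    echo "MySQL Server is 8.0.33 or earlier: update to a later release"
fi
if command -v zstd >/dev/null 2>&1 && zstd_affected "$(zstd --version 2>/dev/null)"; then
    echo "zstd 1.4.10 is installed: restrict or disable the command line tool"
fi

# Offline demonstration on the constructed samples.
if mysql_affected "$MYSQL_SAMPLE"; then echo "sample MySQL line: affected"; fi
if zstd_affected "$ZSTD_SAMPLE"; then echo "sample zstd line: affected"; fi
```

Run it on a database host as the user that administers MySQL; the live checks print nothing when the installed versions are outside the listed ranges. For servers that do not expose `mysqld` on the PATH, `SELECT VERSION();` returns the same 8.0.x token and can be fed to `mysql_affected` instead.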
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Mysql Server
Red Hat
Rocky Linux
Suse
Zstd