Yuyue Wang

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.23 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For versions 8.0.23 and prior, update to a version later than 8.0.23 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: DML component. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the takeover of the MySQL Server or cause a hang or frequently repeatable crash (complete DOS) of the server. **Recommendations** For versions 8.0.21 and prior, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.