Zu-Ming Jiang

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Recommendations: For MySQL Server versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue. For MySQL Server versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. Recommendations: For MySQL Server versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue. For MySQL Server versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. This can be exploited by a high-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Recommendations: For MySQL Server versions 8.0.36 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 8.3.0 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The issue allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version later than 8.0.35. For MySQL Server versions 8.2.0 and prior, update to a version later than 8.2.0. As a temporary workaround, consider restricting network access to the MySQL Server until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.34 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. This allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.34 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 5.7.43 and prior MySQL Server versions 8.0.31 and prior **Description** The vulnerability is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For MySQL Server versions 5.7.43 and prior, update to a version later than 5.7.43 to resolve the issue. For MySQL Server versions 8.0.31 and prior, update to a version later than 8.0.31 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.32 and prior **Description** The vulnerability is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a remote attacker to cause a denial of service. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.32 and prior, update to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.31 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.31 and prior, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.31 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.31 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.31 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.31 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.31 and prior **Description** The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data. **Recommendations** For versions 8.0.31 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.30 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.30 and prior, update to a version later than 8.0.30 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Additionally, monitor server performance and logs to quickly identify and respond to potential attacks.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.29 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data. **Recommendations** For versions 8.0.29 and prior, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.28 and prior **Description** The issue is related to the Server: Optimizer component of Oracle MySQL Server and is caused by inadequate access control. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all MySQL Server accessible data, as well as the ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For versions 8.0.28 and prior, update to a version later than 8.0.28 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Restrict access to sensitive data and implement additional monitoring to detect potential attacks. At the moment, there is no information about other workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.28 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.28 and prior, update to a version later than 8.0.28 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.