PT-2021-6991 · Oracle+1 · Oracle Mysql Cluster+1

Published

2021-11-15

Updated

2024-08-30

CVE-2022-21489

CVSS v2.0

6.5

Medium

Vector

AV:A/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle MySQL Cluster versions 7.4.35 and prior Oracle MySQL Cluster versions 7.5.25 and prior Oracle MySQL Cluster versions 7.6.21 and prior Oracle MySQL Cluster versions 8.0.28 and prior

Description The issue is related to a buffer overflow in the Cluster: General component of Oracle MySQL Cluster, allowing a high-privileged attacker with access to the physical communication segment to compromise the MySQL Cluster. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of the MySQL Cluster.

Recommendations For versions 7.4.35 and prior, update to a version later than 7.4.35. For versions 7.5.25 and prior, update to a version later than 7.5.25. For versions 7.6.21 and prior, update to a version later than 7.6.21. For versions 8.0.28 and prior, update to a version later than 8.0.28.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2022-2156

ALT-PU-2022-2171

ALT-PU-2023-1912

AZL-9529

BDU:2022-02814

CVE-2022-21489

OESA-2024-2071

ZDI-22-708

Affected Products

Alt Linux

Oracle Mysql Cluster

PT-2021-6991 · Oracle+1 · Oracle Mysql Cluster+1

CVE-2022-21489

Weakness Enumeration

Related Identifiers

Affected Products

References · 233