PT-2023-1220 · Mysql Server+6 · Mysql Server+6

Zu-Ming Jiang

·

Published

2023-01-17

·

Updated

2024-08-30

·

CVE-2023-21880

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.31 and prior
Description The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data.
Recommendations For versions 8.0.31 and prior, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2023:2621
ALSA-2023:3087
ALT-PU-2023-7318
ALT-PU-2023-7463
ALT-PU-2023-7647
ALT-PU-2023-7888
AZL-13106
BDU:2023-00443
CESA-2023_3087
CVE-2023-21880
OESA-2023-1834
OESA-2023-1835
OESA-2023-1836
OESA-2024-2071
RHSA-2023:1102
RHSA-2023:2621
RHSA-2023:3087
RHSA-2023_2621
RHSA-2023_3087
USN-5823-1
USN-5823-3

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Mysql Server
Red Hat
Ubuntu