PT-2023-15909 · Oracle+10 · Mysql Server+9

Yiyuaner · Published 2022-07-17 · Updated 2025-08-19 · CVE-2022-4899

CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: zstd version 1.4.10; MySQL Server versions 8.0.33 and earlier.

Description: A vulnerability was found in zstd version 1.4.10 where an attacker can supply an empty string as an argument to the command line tool and cause a buffer overrun. MySQL Server is affected because it bundles the vulnerable zstd code. In MySQL Server the issue can be exploited by a high-privileged attacker with network access via multiple protocols, potentially resulting in an unauthorized ability to cause a hang or a frequently repeatable crash of MySQL Server. The impact is limited to availability, which is consistent with the CVSS vector above (C:N/I:N/A:C).

Recommendations: For zstd version 1.4.10, update to a fixed build through your distribution's advisory (see Related Identifiers below); where that is not yet possible, disable the command line tool or restrict who can invoke it as a temporary workaround. For MySQL Server versions 8.0.33 and earlier, update to a version later than 8.0.33 to resolve the issue.
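The page gives no code for the defect, only that an empty string passed to the command line tool causes a buffer overrun. The following is an added example, not zstd's or MySQL's code, that shows the general pattern by which an empty argument turns into an out-of-bounds access in a C command line tool: a helper computes `strlen(name) - 1` to look at the last character, and for an empty string that index wraps to `SIZE_MAX`, so `name[len - 1]` reads the byte before the buffer. The function names, the "trailing slash" check and the operand validation are assumptions made for the illustration; zstd's actual helper may differ.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed illustrative helper, not zstd's code: a CLI that inspects the last
 * character of a path operand. For name == "" strlen() is 0, len - 1 wraps
 * to SIZE_MAX, and name[len - 1] reads one byte before the buffer. This is
 * the vulnerable pattern; it is deliberately left unchecked and is never
 * called with an empty string in this example. */
int ends_with_slash_unsafe(const char *name)
{
    size_t len = strlen(name);
    return name[len - 1] == '/';     /* out-of-bounds read when len == 0 */
}

/* Hardened form: an empty operand can never be a path, so it is rejected
 * before any index arithmetic is done. */
int ends_with_slash_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0)
        return 0;                    /* nothing to inspect, treat as "not a dir" */
    return name[len - 1] == '/';
}

/* Input validation at the argv boundary: returns the index of the first
 * empty operand, or -1 when every operand is non-empty. Rejecting empty
 * strings once, up front, protects every downstream helper that assumes
 * a non-empty name. */
int first_empty_operand(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] == '\0')
            return i;
    }
    return -1;
}

int main(int argc, char **argv)
{
    int bad = first_empty_operand(argc, argv);
    if (bad != -1) {
        fprintf(stderr, "%s: operand %d is an empty string, refusing\n",
                argv[0], bad);
        return 1;
    }
    for (int i = 1; i < argc; i++) {
        printf("%s: %s\n", argv[i],
               ends_with_slash_safe(argv[i]) ? "directory-like" : "file");
    }
    return 0;
}
```

Running the program as `./a.out file.txt ""` exits with status 1 before any path helper sees the empty operand; with only non-empty operands it classifies each one. Note that a real CLI receives the empty string from the caller's argv, so a hardened build has to validate operands itself rather than rely on the shell.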

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALSA-2024:0894
ALSA-2024:1141
ALT-PU-2023-7321
ALT-PU-2023-7463
ALT-PU-2023-7647
ALT-PU-2023-7888
AZL-25813
BDU:2025-03964
CESA-2024_0894
CVE-2022-4899
GHSA-5C9C-6X87-F9VM
INFSA-2024_1141
MGASA-2023-0128
OESA-2023-1213
OESA-2023-1214
OPENSUSE-SU-2024:13613-1
PYSEC-2023-121
RHSA-2024:0894
RHSA-2024:1141
RHSA-2024:2619
RHSA-2024_0894
RHSA-2024_1141
SUSE-SU-2023:1688-1
SUSE-SU-2023:2074-1
SUSE-SU-2023_1688-1
SUSE-SU-2023_2074-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Mysql Server
Red Hat
Rocky Linux
Suse
Zstd