Lucene search

OracleCVE-2023-22084

HistoryOct 17, 2023 - 10:15 p.m.

CVE-2023-22084

2023-10-1722:15:13

oracle

web.nvd.nist.gov

101

cve-2023-22084

oracle

mysql server

innodb

dos

network access

vulnerability

cvss

nvd

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

28.7%

JSON

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Affected configurations

Nvd

Vulners

Node

oraclemysqlRange5.7.0–5.7.43

oraclemysqlRange8.0–8.0.34

oraclemysqlMatch8.1.0

Node

netapponcommand_insightMatch-

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

VendorProductVersionCPE
oraclemysql*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oraclemysql8.1.0cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*
netapponcommand_insight-cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	mysql	*	cpe:2.3:a:oracle:mysql::::::::
oracle	mysql	8.1.0	cpe:2.3:a:oracle:mysql:8.1.0:::::::*
netapp	oncommand_insight	-	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*
fedoraproject	fedora	38	cpe:2.3:o:fedoraproject:fedora:38:::::::*
fedoraproject	fedora	39	cpe:2.3:o:fedoraproject:fedora:39:::::::*

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "MySQL Server",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.7.43",
        "versionType": "custom"
      },
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "8.0.34",
        "versionType": "custom"
      },
      {
        "version": "8.1.0",
        "status": "affected"
      }
    ]
  }
]