Vulnerability CVE-2022-21427: Information

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-21427
Published: April 20, 2022
Modified: Oct. 27, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus8.0.29-alt18.0.36-alt1ALT-PU-2022-2156-1299826Fixed
MySQLsisyphus_e2k8.0.29-alt18.0.36-alt1ALT-PU-2022-5632-1-Fixed
MySQLsisyphus_riscv648.0.30-alt0.1.rv648.0.30-alt0.2.rv64ALT-PU-2022-5950-1-Fixed
MySQLp108.0.29-alt18.0.36-alt1ALT-PU-2022-2171-1302902Fixed
MySQLp10_e2k8.0.29-alt18.0.36-alt1ALT-PU-2022-5561-1-Fixed
MySQLc10f18.0.29-alt18.0.36-alt1ALT-PU-2022-2171-1302902Fixed
MySQLc9f28.0.30-alt1.0.c9.18.0.36-alt0.c9.1ALT-PU-2023-1912-1321845Fixed
mariadbsisyphus10.5.11-alt110.11.7-alt2.1ALT-PU-2021-2333-1278161Fixed
mariadbp1010.6.9-alt110.6.17-alt3ALT-PU-2022-2446-1304969Fixed
mariadbp910.4.31-alt0.M90P.110.4.32-alt0.M90P.1ALT-PU-2023-6462-3332127Fixed
mariadbc10f110.6.9-alt110.6.17-alt1ALT-PU-2022-2446-1304969Fixed
mariadbc9f210.6.9-alt110.6.15-alt1ALT-PU-2023-1583-1317769Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Patch
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20220429-0005/
  • Third Party Advisory
[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.7.0
      End including
      5.7.37
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      8.0.0
      End including
      8.0.28

      Configuration 2

      cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
      cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

      Configuration 3

      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.5.0
      End excliding
      10.5.7
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.3.0
      End excliding
      10.3.35
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.4.0
      End excliding
      10.4.25
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.2.0
      End excliding
      10.2.44

      Configuration 4

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top