CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and  8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
oraclemysql
5.7.0 ≤
𝑥
≤ 5.7.43
oraclemysql
8.0 ≤
𝑥
≤ 8.0.34
oraclemysql
8.1.0
netapponcommand_insight
-
mariadbmariadb
10.4.0 ≤
𝑥
< 10.4.32
mariadbmariadb
10.5.0 ≤
𝑥
< 10.5.23
mariadbmariadb
10.6.0 ≤
𝑥
< 10.6.16
mariadbmariadb
10.10.0 ≤
𝑥
< 10.10.7
mariadbmariadb
10.11.0 ≤
𝑥
< 10.11.6
mariadbmariadb
11.0.0 ≤
𝑥
< 11.0.4
mariadbmariadb
11.1.0 ≤
𝑥
< 11.1.3
mariadbmariadb
11.2.0 ≤
𝑥
< 11.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mariadb
bookworm
1:10.11.6-0+deb12u1
fixed
sid
1:11.4.4-2
fixed
trixie
1:11.4.3-1
fixed
mariadb-10.5
bullseye
1:10.5.23-0+deb11u1
fixed
bullseye (security)
1:10.5.26-0+deb11u2
fixed
mysql-8.0
sid
8.0.40-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb
bionic
dne
focal
dne
jammy
dne
lunar
ignored
mantic
Fixed 1:10.11.6-0ubuntu0.23.10.2
released
noble
not-affected
oracular
not-affected
trusty
dne
xenial
dne
mariadb-10.0
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
ignored
mariadb-10.1
bionic
ignored
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
mariadb-10.3
bionic
dne
focal
Fixed 1:10.3.39-0ubuntu0.20.04.2
released
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
mariadb-10.6
bionic
dne
focal
dne
jammy
Fixed 1:10.6.16-0ubuntu0.22.04.1
released
lunar
ignored
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
mariadb-5.5
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
mysql-5.5
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
mysql-5.6
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
mysql-5.7
bionic
Fixed 5.7.44-0ubuntu0.18.04.1+esm1
released
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
Fixed 5.7.44-0ubuntu0.16.04.1+esm1
released
mysql-8.0
bionic
dne
focal
Fixed 8.0.35-0ubuntu0.20.04.1
released
jammy
Fixed 8.0.35-0ubuntu0.22.04.1
released
lunar
Fixed 8.0.35-0ubuntu0.23.04.1
released
mantic
Fixed 8.0.35-0ubuntu0.23.10.1
released
noble
Fixed 8.0.35-0ubuntu1
released
oracular
Fixed 8.0.35-0ubuntu1
released
trusty
dne
xenial
dne
percona-server-5.6
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
needs-triage
percona-xtradb-cluster-5.5
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
percona-xtradb-cluster-5.6
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libmariadbd-devel
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
libmariadbd19
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-client
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-errormessages
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
mariadb-tools
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP7
11.4.5-150700.1.2
fixed
suse enterprise server 15 SP2
10.4.32-150200.3.48.1
fixed
suse enterprise server 15 SP3
10.5.23-150300.3.38.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP7
11.4.5-150700.1.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
galera
RHEL 9
0:26.4.20-1.el9_5
fixed
mariadb
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-backup
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-common
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-devel
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-embedded
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-embedded-devel
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-errmsg
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-gssapi-server
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-oqgraph-engine
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-pam
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server-galera
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server-utils
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-test
RHEL 9
3:10.5.27-1.el9_5
fixed
mysql
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-common
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-devel
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-errmsg
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-libs
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-server
RHEL 9
0:8.0.36-1.el9_3
fixed
mysql-test
RHEL 9
0:8.0.36-1.el9_3
fixed
References
https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/
https://security.netapp.com/advisory/ntap-20231027-0009/
https://www.oracle.com/security-alerts/cpuoct2023.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/
https://security.netapp.com/advisory/ntap-20231027-0009/
https://www.oracle.com/security-alerts/cpuoct2023.html