CVE-2022-21351: The MySQL Server product of Oracle MySQL has a vulnerability that affects versions 8.0.27 and prior.

Vulnerable versions can be updated to 8.0.28 or later to fix this issue. For upgrade instructions see:

In a short attack scenario, a low-privileged attacker with network access via multiple protocols can compromise MySQL Server.

In a long attack scenario, a low-privileged attacker with network access via multiple protocols can compromise MySQL Server.

Bug#72469 - High CVE-2016-6661: Remote denial of service in InnoDB.

We were informed that CVE-2015-4791 and CVE-2016-6660 have been patched in the 8.0.28 version. However, the problem remains in older versions. To resolve the issue on affected versions, update MySQL Server to version 8.0.28 or later. See also: https://dev.mysql.com/doc/relnotes/mysql/en/security-advisory-201609-01.html

In case of doubt, users are advised to update to the latest version.

CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2016-6661 is a generic vulnerability that applies to all database servers. Technical details: Remote denial of service in InnoDB.

The denial of service can be triggered by a user

Vulnerable code snippet

In case of doubt, users are advised to update to the latest version.

Vulnerable and Fixed Software

The following table lists the MySQL software versions that are known to be affected by this vulnerability.

Version | Vulnerable | Fixed*
8.0.18 and earlier | Yes | Yes
8.0.19 and later | Yes
8.0.20 and later | Yes

Summary of Vulnerability

A denial of service vulnerability in InnoDB that affects all versions of MySQL Server has been patched. The vulnerability can be triggered by a user without authentication. A low-privileged attacker with network access via multiple protocols can exploit the vulnerability to compromise MySQL Server.
