Workarounds

There are no workarounds at this time. However, assigned CVEs are MITRE CVEs, so if another vendor is already working on a fix, then it would be best to have that patch applied as soon as possible.

CVE-2017-10231

- INSERT statement executed without respecting the "ignore_db_data" setting when handling incoming data, which might result in information disclosure (bsc#1075150)
- A bug exists in the handling of binary logging events. A denial of service (DoS) condition can occur if a user application attempts to write to a `mysqlbinlog --start-data=DUMPFILE>` or `mysrhplog` table that has an excessive length for the binary logging event data. This is because a maximum length of 64k for the binary logging event data is enforced. If an application attempts to write longer data, the application will encounter the following error: `22: Incorrect length for 'binary logging event data' (mysqlbinlog --start-data=DUMPFILE>)`.
- A bug exists in the handling of binlog events. An attacker can exploit this issue to cause a denial of service (DoS) condition.

CVE-2017-10232

- INSERT DELAYED, UPDATE, and SELECT statements that specify a timestamp column use a server-generated time instead of the time the server received the statement. This may result in incorrect processing of these statements.

References

- https://kb.askmonty.org/en/mariadb-10020-release-notes
- https://kb.askmonty.org/en/mariadb-10106-release-notes

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC
