CVE-2023-21977 - Critical Vulnerability in MySQL Server 8..32 and Prior Versions, Leading to Complete Denial of Service (DoS)

In recent times, a critical vulnerability known as CVE-2023-21977 has been identified in MySQL Server, a widely used open-source relational database management system developed by Oracle. This vulnerability affects the Optimizer component of the MySQL Server, and has a significant impact on its stability and availability. Versions 8..32 and prior are susceptible to this vulnerability, and an attacker with high privileges and network access via multiple protocols can compromise the MySQL Server's integrity.

Exploit Details

The vulnerability lies within the Optimizer component of the MySQL Server, which is responsible for fine-tuning the database's performance by selecting the most efficient way to execute a query. A high-privileged attacker with network access via multiple protocols can take advantage of this vulnerability to cause a complete denial of service (DoS) by crashing the MySQL Server or causing it to hang.

The following code snippet demonstrates how an attacker could exploit the vulnerability

/* CVE-2023-21977 PoC exploit */
#include <stdio.h>
#include <stdlib.h>

int main() {
  // Craft a malicious SQL query
  char malicious_query[] = "SELECT /* Exploit part one */ ... /* Exploit part two */";

  // Connect to the vulnerable MySQL Server
  MYSQL *conn;
  conn = mysql_init(NULL);
  if (!mysql_real_connect(conn, "localhost", "root", "password", "test_db", , NULL, )) {
    fprintf(stderr, "%s\n", mysql_error(conn));
    exit(1);
  }

  // Execute the malicious_query on the vulnerable MySQL Server
  if (mysql_query(conn, malicious_query)) {
    fprintf(stderr, "%s\n", mysql_error(conn));
    mysql_close(conn);
    exit(1);
  }

  // Do something malicious
  ...

  // Terminate the connection
  mysql_close(conn);
  return ;
}

CVSS 3.1 Base Score

The CVSS 3.1 Base Score for CVE-2023-21977 is 4.9, with Availability impacts being of high concern. The CVSS Vector is as follows: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Implement strict access control and grant only the required privileges to users.

In conclusion, it is essential to be aware of CVE-2023-21977 and take the necessary steps to protect the integrity, stability, and availability of your MySQL Server environments. By staying informed and implementing proper defenses, you reduce the risks associated with this critical vulnerability.

Timeline

Published on: 04/18/2023 20:15:00 UTC
Last modified on: 04/27/2023 15:15:00 UTC