Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for mysql-8.0. CVE-2023-21982[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21980[1]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Client programs). Supported versions that are affected are 5.7.41 and | prior and 8.0.32 and prior. Difficult to exploit vulnerability allows | low privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks require human interaction | from a person other than the attacker. Successful attacks of this | vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base | Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). CVE-2023-21977[2]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21976[3]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21972[4]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: DML). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21966[5]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: JSON). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21962[6]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Components Services). Supported versions that are affected are | 8.0.32 and prior. Easily exploitable vulnerability allows high | privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks of this vulnerability can | result in unauthorized ability to cause a hang or frequently | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score | 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21955[7]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Partition). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21953[8]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Partition). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21947[9]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Components Services). Supported versions that are affected are | 8.0.32 and prior. Difficult to exploit vulnerability allows high | privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks of this vulnerability can | result in unauthorized ability to cause a hang or frequently | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score | 4.4 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21946[10]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows low privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21945[11]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21940[12]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Components Services). Supported versions that are affected are | 8.0.32 and prior. Difficult to exploit vulnerability allows high | privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks of this vulnerability can | result in unauthorized ability to cause a hang or frequently | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score | 4.4 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21935[13]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21933[14]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: DDL). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21929[15]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: DDL). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server as well as unauthorized update, insert | or delete access to some of MySQL Server accessible data. CVSS 3.1 | Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2023-21920[16]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21919[17]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: DDL). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21911[18]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | InnoDB). Supported versions that are affected are 8.0.32 and prior. | Easily exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete DOS) | of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-21982 https://www.cve.org/CVERecord?id=CVE-2023-21982 [1] https://security-tracker.debian.org/tracker/CVE-2023-21980 https://www.cve.org/CVERecord?id=CVE-2023-21980 [2] https://security-tracker.debian.org/tracker/CVE-2023-21977 https://www.cve.org/CVERecord?id=CVE-2023-21977 [3] https://security-tracker.debian.org/tracker/CVE-2023-21976 https://www.cve.org/CVERecord?id=CVE-2023-21976 [4] https://security-tracker.debian.org/tracker/CVE-2023-21972 https://www.cve.org/CVERecord?id=CVE-2023-21972 [5] https://security-tracker.debian.org/tracker/CVE-2023-21966 https://www.cve.org/CVERecord?id=CVE-2023-21966 [6] https://security-tracker.debian.org/tracker/CVE-2023-21962 https://www.cve.org/CVERecord?id=CVE-2023-21962 [7] https://security-tracker.debian.org/tracker/CVE-2023-21955 https://www.cve.org/CVERecord?id=CVE-2023-21955 [8] https://security-tracker.debian.org/tracker/CVE-2023-21953 https://www.cve.org/CVERecord?id=CVE-2023-21953 [9] https://security-tracker.debian.org/tracker/CVE-2023-21947 https://www.cve.org/CVERecord?id=CVE-2023-21947 [10] https://security-tracker.debian.org/tracker/CVE-2023-21946 https://www.cve.org/CVERecord?id=CVE-2023-21946 [11] https://security-tracker.debian.org/tracker/CVE-2023-21945 https://www.cve.org/CVERecord?id=CVE-2023-21945 [12] https://security-tracker.debian.org/tracker/CVE-2023-21940 https://www.cve.org/CVERecord?id=CVE-2023-21940 [13] https://security-tracker.debian.org/tracker/CVE-2023-21935 https://www.cve.org/CVERecord?id=CVE-2023-21935 [14] https://security-tracker.debian.org/tracker/CVE-2023-21933 https://www.cve.org/CVERecord?id=CVE-2023-21933 [15] https://security-tracker.debian.org/tracker/CVE-2023-21929 https://www.cve.org/CVERecord?id=CVE-2023-21929 [16] https://security-tracker.debian.org/tracker/CVE-2023-21920 https://www.cve.org/CVERecord?id=CVE-2023-21920 [17] https://security-tracker.debian.org/tracker/CVE-2023-21919 https://www.cve.org/CVERecord?id=CVE-2023-21919 [18] https://security-tracker.debian.org/tracker/CVE-2023-21911 https://www.cve.org/CVERecord?id=CVE-2023-21911 Please adjust the affected versions in the BTS as needed.