Ubuntu update for mysql-5.7



Published: 2022-05-03
Risk Medium
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2022-21412
CVE-2022-21413
CVE-2022-21414
CVE-2022-21415
CVE-2022-21417
CVE-2022-21418
CVE-2022-21423
CVE-2022-21425
CVE-2022-21427
CVE-2022-21435
CVE-2022-21436
CVE-2022-21437
CVE-2022-21438
CVE-2022-21440
CVE-2022-21444
CVE-2022-21451
CVE-2022-21452
CVE-2022-21454
CVE-2022-21457
CVE-2022-21459
CVE-2022-21460
CVE-2022-21462
CVE-2022-21478
CWE-ID CWE-20
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

mysql-server-8.0 (Ubuntu package)
Operating systems & Components / Operating system package or component

mysql-server-5.7 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU62419

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU62417

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU62420

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU62427

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU62415

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21418

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU62434

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21423

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU62410

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21425

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU62421

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU62422

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21436

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU62423

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21437

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU62424

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21438

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU62411

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21440

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21451

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU62425

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21452

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU62409

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21457

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU62412

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21459

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU62430

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21460

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU62426

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21462

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU62413

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21478

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Update the affected package mysql-5.7 to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1

mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5400-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###