SB2022101906 - Multiple vulnerabilities in MySQL Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022101906

SB2022101906 - Multiple vulnerabilities in MySQL Server

Published: October 19, 2022

Security Bulletin ID SB2022101906
Severity
Medium
Patch available
YES
Number of vulnerabilities 24
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 75% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 24 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2022-21611)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2022-21589)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


3) Improper input validation (CVE-ID: CVE-2022-21592)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


4) Improper input validation (CVE-ID: CVE-2022-21625)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2022-21595)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


6) Improper input validation (CVE-ID: CVE-2022-21599)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


7) Improper input validation (CVE-ID: CVE-2022-21632)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


8) Improper input validation (CVE-ID: CVE-2022-21633)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


9) Improper input validation (CVE-ID: CVE-2022-39400)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


10) Improper input validation (CVE-ID: CVE-2022-21641)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


11) Improper input validation (CVE-ID: CVE-2022-21640)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


12) Improper input validation (CVE-ID: CVE-2022-21638)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


13) Improper input validation (CVE-ID: CVE-2022-21608)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


14) Improper input validation (CVE-ID: CVE-2022-21607)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


15) Improper input validation (CVE-ID: CVE-2022-21594)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


16) Improper input validation (CVE-ID: CVE-2022-21605)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


17) Improper input validation (CVE-ID: CVE-2022-21617)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


18) Improper input validation (CVE-ID: CVE-2022-21637)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


19) Improper input validation (CVE-ID: CVE-2022-21604)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


20) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.



21) Improper input validation (CVE-ID: CVE-2022-39410)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


22) Improper input validation (CVE-ID: CVE-2022-39408)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


23) Improper input validation (CVE-ID: CVE-2022-21635)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.


24) Improper input validation (CVE-ID: CVE-2022-21600)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to execute arbitrary code.


Remediation

Install update from vendor's website.

References