openEuler 20.03 LTS SP4 update for mysql



Risk: High
Patch available: YES
Number of vulnerabilities: 218
CVE-ID: CVE-2021-22570
CVE-2022-21412
CVE-2022-21413
CVE-2022-21414
CVE-2022-21417
CVE-2022-21418
CVE-2022-21423
CVE-2022-21425
CVE-2022-21427
CVE-2022-21435
CVE-2022-21437
CVE-2022-21438
CVE-2022-21440
CVE-2022-21444
CVE-2022-21451
CVE-2022-21454
CVE-2022-21455
CVE-2022-21457
CVE-2022-21459
CVE-2022-21462
CVE-2022-21478
CVE-2022-21479
CVE-2022-21482
CVE-2022-21483
CVE-2022-21484
CVE-2022-21485
CVE-2022-21486
CVE-2022-21489
CVE-2022-21490
CVE-2022-21509
CVE-2022-21515
CVE-2022-21517
CVE-2022-21525
CVE-2022-21526
CVE-2022-21527
CVE-2022-21528
CVE-2022-21529
CVE-2022-21530
CVE-2022-21531
CVE-2022-21534
CVE-2022-21537
CVE-2022-21538
CVE-2022-21539
CVE-2022-21547
CVE-2022-21556
CVE-2022-21569
CVE-2022-21592
CVE-2022-21594
CVE-2022-21599
CVE-2022-21604
CVE-2022-21605
CVE-2022-21607
CVE-2022-21608
CVE-2022-21611
CVE-2022-21617
CVE-2022-21625
CVE-2022-21632
CVE-2022-21633
CVE-2022-21635
CVE-2022-21637
CVE-2022-21638
CVE-2022-21640
CVE-2022-21641
CVE-2022-32221
CVE-2022-39400
CVE-2022-39408
CVE-2022-39410
CVE-2022-43551
CVE-2023-0215
CVE-2023-21836
CVE-2023-21863
CVE-2023-21864
CVE-2023-21865
CVE-2023-21866
CVE-2023-21867
CVE-2023-21868
CVE-2023-21869
CVE-2023-21870
CVE-2023-21871
CVE-2023-21872
CVE-2023-21873
CVE-2023-21874
CVE-2023-21875
CVE-2023-21876
CVE-2023-21877
CVE-2023-21878
CVE-2023-21879
CVE-2023-21880
CVE-2023-21881
CVE-2023-21882
CVE-2023-21883
CVE-2023-21887
CVE-2023-21911
CVE-2023-21912
CVE-2023-21913
CVE-2023-21917
CVE-2023-21919
CVE-2023-21920
CVE-2023-21929
CVE-2023-21933
CVE-2023-21935
CVE-2023-21940
CVE-2023-21945
CVE-2023-21946
CVE-2023-21947
CVE-2023-21953
CVE-2023-21955
CVE-2023-21962
CVE-2023-21963
CVE-2023-21966
CVE-2023-21972
CVE-2023-21976
CVE-2023-21977
CVE-2023-21980
CVE-2023-21982
CVE-2023-22005
CVE-2023-22007
CVE-2023-22008
CVE-2023-22015
CVE-2023-22026
CVE-2023-22028
CVE-2023-22032
CVE-2023-22033
CVE-2023-22038
CVE-2023-22046
CVE-2023-22048
CVE-2023-22053
CVE-2023-22054
CVE-2023-22056
CVE-2023-22057
CVE-2023-22058
CVE-2023-22059
CVE-2023-22064
CVE-2023-22065
CVE-2023-22066
CVE-2023-22068
CVE-2023-22070
CVE-2023-22078
CVE-2023-22079
CVE-2023-22084
CVE-2023-22092
CVE-2023-22097
CVE-2023-22103
CVE-2023-22104
CVE-2023-22110
CVE-2023-22111
CVE-2023-22112
CVE-2023-22113
CVE-2023-22114
CVE-2023-22115
CVE-2023-38545
CVE-2023-6129
CVE-2024-20960
CVE-2024-20961
CVE-2024-20962
CVE-2024-20963
CVE-2024-20964
CVE-2024-20965
CVE-2024-20966
CVE-2024-20967
CVE-2024-20968
CVE-2024-20969
CVE-2024-20970
CVE-2024-20971
CVE-2024-20972
CVE-2024-20973
CVE-2024-20974
CVE-2024-20976
CVE-2024-20977
CVE-2024-20978
CVE-2024-20981
CVE-2024-20982
CVE-2024-20983
CVE-2024-20984
CVE-2024-20985
CVE-2024-20993
CVE-2024-20994
CVE-2024-20996
CVE-2024-20998
CVE-2024-21000
CVE-2024-21008
CVE-2024-21009
CVE-2024-21013
CVE-2024-21015
CVE-2024-21047
CVE-2024-21050
CVE-2024-21051
CVE-2024-21053
CVE-2024-21054
CVE-2024-21055
CVE-2024-21056
CVE-2024-21057
CVE-2024-21060
CVE-2024-21061
CVE-2024-21062
CVE-2024-21069
CVE-2024-21087
CVE-2024-21096
CVE-2024-21102
CVE-2024-21125
CVE-2024-21127
CVE-2024-21129
CVE-2024-21130
CVE-2024-21134
CVE-2024-21135
CVE-2024-21137
CVE-2024-21142
CVE-2024-21157
CVE-2024-21159
CVE-2024-21160
CVE-2024-21162
CVE-2024-21163
CVE-2024-21165
CVE-2024-21166
CVE-2024-21171
CVE-2024-21173
CVE-2024-21177
CVE-2024-21179
CWE-ID: CWE-20
CWE-125
CWE-119
CWE-440
CWE-254
CWE-416
CWE-122
CWE-371
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #151 is available.
Vulnerable software
openEuler
Operating systems & Components / Operating system

mysql-test
Operating systems & Components / Operating system package or component

mysql-server
Operating systems & Components / Operating system package or component

mysql-libs
Operating systems & Components / Operating system package or component

mysql-help
Operating systems & Components / Operating system package or component

mysql-errmsg
Operating systems & Components / Operating system package or component

mysql-devel
Operating systems & Components / Operating system package or component

mysql-debugsource
Operating systems & Components / Operating system package or component

mysql-debuginfo
Operating systems & Components / Operating system package or component

mysql-config
Operating systems & Components / Operating system package or component

mysql-common
Operating systems & Components / Operating system package or component

mysql
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 218 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU62403

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22570

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Compiling (protobuf) component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU62419

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU62417

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU62420

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU62415

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21418

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU62434

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21423

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU62410

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21425

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU62421

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU62423

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21437

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU62424

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21438

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU62411

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21440

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21451

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU65522

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21455

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU62409

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21457

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU62412

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21459

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU62426

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21462

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU62413

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21478

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU62414

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21479

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU62405

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21482

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU62406

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21483

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU62431

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21484

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU62432

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21485

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU62433

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21486

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU62407

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21489

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Data Node jobs. A remote user can send a specially crafted request to the database, trigger a buffer overflow and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU62408

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21490

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation when parsing Data Node jobs. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU65510

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21509

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21515

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU65512

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21517

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU65515

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21525

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU65516

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU65508

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21527

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU65509

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21528

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU65517

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21529

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU65518

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21530

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU65519

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21531

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU65523

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21534

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU65513

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21537

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU65526

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21538

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU65511

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21539

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU65514

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21547

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU65504

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU65505

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21569

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU68463

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21592

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU68451

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21594

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU68460

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21599

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU68447

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21604

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU68450

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21605

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU68452

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21607

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU68453

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21608

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU68467

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21611

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper input validation

EUVDB-ID: #VU68449

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21617

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper input validation

EUVDB-ID: #VU68462

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21625

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU68459

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21632

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU68458

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21633

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper input validation

EUVDB-ID: #VU68444

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21635

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper input validation

EUVDB-ID: #VU68448

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21637

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper input validation

EUVDB-ID: #VU68454

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21638

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper input validation

EUVDB-ID: #VU68455

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21640

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper input validation

EUVDB-ID: #VU68456

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21641

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Expected behavior violation

EUVDB-ID: #VU68746

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32221

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to force unexpected application behavior.

The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle was previously used to issue a PUT request that used that callback. As a result, such behavior can influence application flow and lead to an unpredictable outcome.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper input validation

EUVDB-ID: #VU68457

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39400

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper input validation

EUVDB-ID: #VU68445

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39408

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper input validation

EUVDB-ID: #VU68446

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39410

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Security features bypass

EUVDB-ID: #VU70457

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43551

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism can be bypassed if the hostname in the given URL first uses IDN characters that are replaced with ASCII counterparts as part of the IDN conversion. In a subsequent request, curl then does not detect the HSTS state and makes a cleartext transfer.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper input validation

EUVDB-ID: #VU71270

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21836

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper input validation

EUVDB-ID: #VU71272

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21863

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper input validation

EUVDB-ID: #VU71273

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21864

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper input validation

EUVDB-ID: #VU71274

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21865

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper input validation

EUVDB-ID: #VU71275

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21866

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper input validation

EUVDB-ID: #VU71276

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21867

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper input validation

EUVDB-ID: #VU71262

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21868

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper input validation

EUVDB-ID: #VU71265

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21869

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper input validation

EUVDB-ID: #VU71277

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21870

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper input validation

EUVDB-ID: #VU71269

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper input validation

EUVDB-ID: #VU71268

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21872

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper input validation

EUVDB-ID: #VU71278

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21873

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper input validation

EUVDB-ID: #VU71286

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21874

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper input validation

EUVDB-ID: #VU71264

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper input validation

EUVDB-ID: #VU71279

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21876

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper input validation

EUVDB-ID: #VU71266

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21877

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper input validation

EUVDB-ID: #VU71280

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21878

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper input validation

EUVDB-ID: #VU71281

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21879

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper input validation

EUVDB-ID: #VU71267

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper input validation

EUVDB-ID: #VU71282

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper input validation

EUVDB-ID: #VU71285

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21882

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper input validation

EUVDB-ID: #VU71283

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper input validation

EUVDB-ID: #VU71271

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21887

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: GIS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper input validation

EUVDB-ID: #VU75275

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21911

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper input validation

EUVDB-ID: #VU75270

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper input validation

EUVDB-ID: #VU75281

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21913

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper input validation

EUVDB-ID: #VU75282

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21917

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper input validation

EUVDB-ID: #VU75277

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper input validation

EUVDB-ID: #VU75283

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21920

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper input validation

EUVDB-ID: #VU75273

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21929

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper input validation

EUVDB-ID: #VU75278

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21933

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper input validation

EUVDB-ID: #VU75284

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21935

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper input validation

EUVDB-ID: #VU75291

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21940

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper input validation

EUVDB-ID: #VU75285

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21945

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper input validation

EUVDB-ID: #VU75272

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper input validation

EUVDB-ID: #VU75292

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21947

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper input validation

EUVDB-ID: #VU75289

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21953

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Partition component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper input validation

EUVDB-ID: #VU75290

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21955

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Partition component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper input validation

EUVDB-ID: #VU75276

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper input validation

EUVDB-ID: #VU75293

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper input validation

EUVDB-ID: #VU75280

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: JSON component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper input validation

EUVDB-ID: #VU75279

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21972

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper input validation

EUVDB-ID: #VU75286

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21976

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper input validation

EUVDB-ID: #VU75287

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper input validation

EUVDB-ID: #VU75271

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21980

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Client programs component in MySQL Server. A remote authenticated user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper input validation

EUVDB-ID: #VU75288

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper input validation

EUVDB-ID: #VU78429

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Improper input validation

EUVDB-ID: #VU78425

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper input validation

EUVDB-ID: #VU78420

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22008

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper input validation

EUVDB-ID: #VU82156

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper input validation

EUVDB-ID: #VU82157

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22026

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper input validation

EUVDB-ID: #VU82158

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22028

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper input validation

EUVDB-ID: #VU82159

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22032

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper input validation

EUVDB-ID: #VU78427

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper input validation

EUVDB-ID: #VU78431

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22038

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper input validation

EUVDB-ID: #VU78421

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22046

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper input validation

EUVDB-ID: #VU78430

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22048

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Pluggable Auth component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper input validation

EUVDB-ID: #VU78419

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22053

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to access sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Client programs component in MySQL Server. A remote authenticated user can exploit this vulnerability to access sensitive information or perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper input validation

EUVDB-ID: #VU78422

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22054

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper input validation

EUVDB-ID: #VU78423

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Improper input validation

EUVDB-ID: #VU78426

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22057

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper input validation

EUVDB-ID: #VU78428

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Improper input validation

EUVDB-ID: #VU82146

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper input validation

EUVDB-ID: #VU82160

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22064

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper input validation

EUVDB-ID: #VU82161

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper input validation

EUVDB-ID: #VU82150

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22066

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper input validation

EUVDB-ID: #VU82151

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22068

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper input validation

EUVDB-ID: #VU82162

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22070

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Improper input validation

EUVDB-ID: #VU82166

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22078

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Improper input validation

EUVDB-ID: #VU82147

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22079

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Improper input validation

EUVDB-ID: #VU82154

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22084

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Improper input validation

EUVDB-ID: #VU82167

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Improper input validation

EUVDB-ID: #VU82149

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper input validation

EUVDB-ID: #VU82163

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22103

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Improper input validation

EUVDB-ID: #VU82152

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22104

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Improper input validation

EUVDB-ID: #VU82164

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22110

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Improper input validation

EUVDB-ID: #VU82168

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22111

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Improper input validation

EUVDB-ID: #VU82165

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22112

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper input validation

EUVDB-ID: #VU82169

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22113

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper input validation

EUVDB-ID: #VU82153

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Improper input validation

EUVDB-ID: #VU82155

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22115

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Heap-based buffer overflow

EUVDB-ID: #VU81865

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-38545

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim into visiting a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, but it requires that a SOCKS5 proxy is used and that the SOCKS5 handshake is slow (e.g. under heavy load or a DoS attack).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

152) State Issues

EUVDB-ID: #VU85170

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6129

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the POLY1305 MAC (message authentication code) implementation on PowerPC CPU-based platforms if the CPU provides vector instructions. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper input validation

EUVDB-ID: #VU85483

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: RAPID component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Improper input validation

EUVDB-ID: #VU85478

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20961

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Improper input validation

EUVDB-ID: #VU85479

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper input validation

EUVDB-ID: #VU85484

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improper input validation

EUVDB-ID: #VU85488

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Improper input validation

EUVDB-ID: #VU85489

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20965

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Improper input validation

EUVDB-ID: #VU85492

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Improper input validation

EUVDB-ID: #VU85487

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Improper input validation

EUVDB-ID: #VU85501

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Improper input validation

EUVDB-ID: #VU85486

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20969

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Improper input validation

EUVDB-ID: #VU85493

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20970

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Improper input validation

EUVDB-ID: #VU85494

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Improper input validation

EUVDB-ID: #VU85495

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20972

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Improper input validation

EUVDB-ID: #VU85480

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20973

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Improper input validation

EUVDB-ID: #VU85496

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper input validation

EUVDB-ID: #VU85497

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20976

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Improper input validation

EUVDB-ID: #VU85482

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Improper input validation

EUVDB-ID: #VU85498

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20978

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Improper input validation

EUVDB-ID: #VU85490

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20981

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Improper input validation

EUVDB-ID: #VU85499

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper input validation

EUVDB-ID: #VU85491

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20983

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Improper input validation

EUVDB-ID: #VU85500

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20984

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Firewall component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Improper input validation

EUVDB-ID: #VU85485

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20985

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Improper input validation

EUVDB-ID: #VU88689

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20993

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Improper input validation

EUVDB-ID: #VU88676

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Improper input validation

EUVDB-ID: #VU94570

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20996

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Improper input validation

EUVDB-ID: #VU88690

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20998

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Improper input validation

EUVDB-ID: #VU88699

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21000

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Improper input validation

EUVDB-ID: #VU88697

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21008

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Improper input validation

EUVDB-ID: #VU88691

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Improper input validation

EUVDB-ID: #VU88698

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21013

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Improper input validation

EUVDB-ID: #VU88675

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Improper input validation

EUVDB-ID: #VU88678

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21047

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Improper input validation

EUVDB-ID: #VU88682

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21050

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Improper input validation

EUVDB-ID: #VU88683

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21051

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Improper input validation

EUVDB-ID: #VU88685

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21053

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Improper input validation

EUVDB-ID: #VU88692

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21054

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Improper input validation

EUVDB-ID: #VU88693

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21055

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Improper input validation

EUVDB-ID: #VU88686

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Improper input validation

EUVDB-ID: #VU88694

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21057

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Improper input validation

EUVDB-ID: #VU88687

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21060

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Improper input validation

EUVDB-ID: #VU88679

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21061

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Audit Plug-in component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Improper input validation

EUVDB-ID: #VU88695

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Improper input validation

EUVDB-ID: #VU88680

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21069

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Improper input validation

EUVDB-ID: #VU88688

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Improper input validation

EUVDB-ID: #VU88696

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Improper input validation

EUVDB-ID: #VU88677

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21102

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Improper input validation

EUVDB-ID: #VU94569

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21125

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Improper input validation

EUVDB-ID: #VU94577

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21127

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Improper input validation

EUVDB-ID: #VU94578

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21129

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Improper input validation

EUVDB-ID: #VU94579

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21130

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Improper input validation

EUVDB-ID: #VU94585

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21134

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to cause service disruption.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote authenticated user can exploit this vulnerability to cause service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Improper input validation

EUVDB-ID: #VU94580

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21135

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Improper input validation

EUVDB-ID: #VU94581

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21137

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

mysql-test: before 8.0.38-1

mysql-server: before 8.0.38-1

mysql-libs: before 8.0.38-1

mysql-help: before 8.0.38-1

mysql-errmsg: before 8.0.38-1

mysql-devel: before 8.0.38-1

mysql-debugsource: before 8.0.38-1

mysql-debuginfo: before 8.0.38-1

mysql-config: before 8.0.38-1

mysql-common: before 8.0.38-1

mysql: before 8.0.38-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2071