Improper input validation in MySQL Server

#VU71267 Improper input validation in MySQL Server

Published: 2023-01-17

Vulnerability identifier: #VU71267

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2023-21880

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Server
Server applications / Database software

Vendor: Oracle

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MySQL Server: 8.0.0 - 8.0.31

CPE

cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*

External links
http://www.oracle.com/security-alerts/cpujan2023.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

VMware Tanzu Isolation Segment update for MySQL

Red Hat Enterprise Linux 8 update for the mysql:8.0 module

Red Hat Enterprise Linux 9 update for mysql

Multiple vulnerabilities in IBM Security Guardium

Red Hat Software Collections update for rh-mysql80-mysql

Ubuntu update for mysql-5.7

Multiple vulnerabilities in MySQL Server