CVE-2022-21304: 
MySQL vulnerability analysis and mitigation

CVE-2022-21304 is a vulnerability in Oracle MySQL Server's Parser component affecting versions 5.7.36 and prior, and 8.0.27 and prior. This vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update. The vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires network access and high privileges to exploit, but requires no user interaction. The attack complexity is low, and the primary impact is on system availability (NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server (NVD).

Oracle has released patches to address this vulnerability in MySQL versions. Users should upgrade to versions newer than 5.7.36 for the 5.7 series or versions newer than 8.0.27 for the 8.0 series. For Fedora users, updates are available through community-mysql-8.0.28 packages (Fedora Update).