CVE-2022-21310: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. The vulnerability allows high privileged attackers with access to the physical communication segment attached to the hardware where MySQL Cluster executes to potentially compromise the system. Successful exploitation requires human interaction from a person other than the attacker (Oracle Advisory).

The vulnerability has been assigned CVE-2022-21310 with a CVSS 3.1 Base Score of 6.3 (Medium) and vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the processing of Data Node jobs and results from improper validation of array index, which can lead to a write past the end of an array (ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system. The vulnerability affects all three security properties with High severity ratings (Oracle Advisory, ZDI Advisory).

Oracle has issued an update to correct this vulnerability. Users should upgrade to the latest version of MySQL Cluster that contains the security fix. The vulnerability was addressed as part of Oracle's January 2022 Critical Patch Update (Oracle Advisory, ZDI Advisory).