CVE-2022-21314: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21314. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. This vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has a CVSS 3.1 Base Score of 6.3 (Medium) with the vector string: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. This indicates that exploitation requires adjacent network access, is highly complex, needs high privileges, and requires user interaction. The vulnerability affects the MySQL Cluster's data node component, potentially allowing buffer overflow conditions (ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system. The vulnerability affects all three security properties (Confidentiality, Integrity, and Availability) with High impact ratings (Oracle CPU).

Oracle has released security patches to address this vulnerability in their January 2022 Critical Patch Update. Users should upgrade to the latest supported versions that include these security fixes. For systems that cannot be immediately updated, access to the physical communication segment should be strictly controlled (Oracle CPU).