CVE-2022-21417: 
MySQL vulnerability analysis and mitigation

The vulnerability (CVE-2022-21417) affects the MySQL Server product of Oracle MySQL, specifically in the InnoDB component. The affected versions are MySQL 5.7.37 and prior, and 8.0.28 and prior. This vulnerability was disclosed in April 2022 as part of Oracle's Critical Patch Update (Oracle CPU, NIST NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The technical assessment indicates it is an easily exploitable vulnerability that requires high privileges and network access via multiple protocols to compromise MySQL Server (NIST NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The vulnerability only impacts availability, with no direct effects on confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in their April 2022 Critical Patch Update. Users are strongly advised to update to versions newer than MySQL 5.7.37 or 8.0.28. Several vendors who use MySQL in their products, such as NetApp, have also released their own security advisories and patches (NetApp Advisory).