CVE-2023-21875: 
MySQL vulnerability analysis and mitigation

CVE-2023-21875 is a security vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Security: Encryption component. The vulnerability affects MySQL Server versions 8.0.31 and prior. This vulnerability was disclosed in January 2023 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is classified as difficult to exploit and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability has a CVSS 3.1 Base Score of 5.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H, indicating Network attack vector, High attack complexity, High privileges required, No user interaction, Unchanged scope, and High impact on both Integrity and Availability but No impact on Confidentiality (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. Additionally, it can lead to unauthorized ability to cause a hang or frequently repeatable crash, resulting in a complete denial of service (DOS) of MySQL Server (Oracle CPU).

Oracle has released security patches to address this vulnerability in the January 2023 Critical Patch Update. Users are advised to update to MySQL versions newer than 8.0.31. For Ubuntu users, MySQL has been updated to version 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10 (Red Hat Portal).