CVE-2023-21912: 
MySQL vulnerability analysis and mitigation

A vulnerability in MySQL Server (component: Server: Security: Privileges) affects versions 5.7.41 and prior, and 8.0.30 and prior. The vulnerability (CVE-2023-21912) allows unauthenticated attackers with network access to compromise MySQL Server through multiple protocols (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (High) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based, requires low attack complexity, needs no privileges, and requires no user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server (Oracle CPU, NVD).

Oracle has released patches to address this vulnerability in their April 2023 Critical Patch Update. Users should upgrade to MySQL versions after 5.7.41 or 8.0.30. NetApp has also released patches for affected products including Active IQ Unified Manager, OnCommand Insight, OnCommand Workflow Automation, and SnapCenter (NetApp Advisory).