CVE-2023-21917: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in the MySQL Server product of Oracle MySQL, specifically in the Server: Optimizer component. The vulnerability affects versions 8.0.30 and prior. This vulnerability was discovered by Wang Ke of Zhejiang University and was disclosed in April 2023 (Oracle CPU, NVD).

The vulnerability is classified with a CVSS 3.1 Base Score of 4.9 (Medium severity), with the vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability is network-accessible, requires high privileges, but needs no user interaction to exploit. The vulnerability exists in the MySQL Server's Optimizer component (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only affects availability, with no direct impact on confidentiality or integrity (NVD).

Oracle has released patches to address this vulnerability in their April 2023 Critical Patch Update. Users are advised to upgrade to versions newer than MySQL 8.0.30. NetApp has also released patches for their affected products including Active IQ Unified Manager and other systems that incorporate MySQL (NetApp Advisory).