CVE-2023-21929: 
MySQL vulnerability analysis and mitigation

CVE-2023-21929 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: DDL component. The vulnerability affects MySQL Server versions 8.0.32 and prior. It was disclosed in Oracle's April 2023 Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H. The vulnerability is considered easily exploitable and requires high privileged attacker access with network access via multiple protocols to compromise MySQL Server (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (Oracle CPU).

Oracle has released patches to address this vulnerability in their April 2023 Critical Patch Update. Users are advised to update to versions newer than MySQL 8.0.32. Various vendors have also released patches for their affected products, including NetApp which has provided fixes for Active IQ Unified Manager, OnCommand Insight, OnCommand Workflow Automation, and SnapCenter (NetApp Advisory).