CVE-2023-21946: 
MySQL vulnerability analysis and mitigation

CVE-2023-21946 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. The vulnerability affects MySQL Server versions 8.0.32 and prior. It was disclosed as part of Oracle's Critical Patch Update in April 2023 (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized as easily exploitable, requiring low attack complexity and low privileges, with network access via multiple protocols (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The vulnerability impacts only the availability aspect of the system, with no direct impact on confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in their April 2023 Critical Patch Update. Users are strongly advised to upgrade to MySQL versions newer than 8.0.32. For Fedora users, updates have been provided for versions 37, 38, and 39 through the package community-mysql-8.0.34 (Fedora Update).

NetApp has acknowledged this vulnerability's impact on their products and has provided patches for affected systems including Active IQ Unified Manager, OnCommand Insight, OnCommand Workflow Automation, and SnapCenter (NetApp Advisory).