CVE-2023-21947: 
MySQL vulnerability analysis and mitigation

CVE-2023-21947 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Components Services component. The vulnerability affects MySQL Server versions 8.0.32 and prior. It was disclosed in Oracle's April 2023 Critical Patch Update (Oracle CPU).

This is a difficult to exploit vulnerability that requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in MySQL version 8.0.33. Users are strongly recommended to upgrade to this version or apply the relevant security patches. The fix was included in Oracle's April 2023 Critical Patch Update (Oracle CPU, NetApp Advisory).

Multiple vendors and distributions have responded to this vulnerability by releasing updated packages. Fedora has released security updates for versions 37, 38, and 39 to address this vulnerability. NetApp has also issued an advisory and provided patches for their affected products (Fedora Update, NetApp Advisory).