CVE-2023-22015: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer) affects versions 5.7.42 and prior, and 8.0.31 and prior. This vulnerability (CVE-2023-22015) was disclosed in October 2023 as part of Oracle's Critical Patch Update. It is an easily exploitable vulnerability that allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU Oct 2023).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and affecting only the vulnerable component (S:U). The impact is limited to availability (A:H) with no impact on confidentiality or integrity (NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is primarily focused on system availability, with no direct impact on data confidentiality or integrity (Oracle CPU Oct 2023).

Oracle has released security patches to address this vulnerability. Users are strongly recommended to apply the Critical Patch Update security patches without delay. The patches are available for MySQL Server versions 5.7.42 and prior, and 8.0.31 and prior. For systems that cannot immediately apply patches, limiting network access and restricting high-privilege account access can help reduce the risk (Oracle CPU Oct 2023).