CVE-2023-22056: 
MySQL vulnerability analysis and mitigation

CVE-2023-22056 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server Optimizer component. The vulnerability affects MySQL versions 8.0.33 and prior. This security issue was disclosed in July 2023 as part of Oracle's Critical Patch Update (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is easily exploitable and requires high privileges with network access via multiple protocols to compromise MySQL Server (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (NetApp Advisory).

Oracle has released patches to address this vulnerability in MySQL version 8.0.34. Various distributions have also released updated packages, including Fedora which has patched the vulnerability in community-mysql versions 8.0.34-2 for Fedora 37, 38, and 39 (Fedora Update).