CVE-2023-22064: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer) affects versions 8.0.34 and prior. This vulnerability was disclosed in October 2023 as part of Oracle's Critical Patch Update. The vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NetApp Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that while the vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), it requires high privileges (PR:H) and no user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (Oracle CPU, NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability specifically affects the Optimizer component of MySQL Server, potentially impacting system availability (Oracle CPU).

Oracle has released patches for this vulnerability in MySQL versions after 8.0.34. Users are advised to upgrade to the latest version of MySQL Server. Various vendors have also released patches for their products that incorporate MySQL, including NetApp which has provided fixes for affected products such as Active IQ Unified Manager, OnCommand Insight, OnCommand Workflow Automation, and SnapCenter (NetApp Advisory).