CVE-2023-22065: 
MySQL vulnerability analysis and mitigation

CVE-2023-22065 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. The vulnerability affects MySQL versions 8.0.33 and prior. This security flaw was disclosed in October 2023 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (Oracle CPU).

Oracle has released patches for this vulnerability in MySQL version 8.0.34. Various vendors have also provided fixes, including Ubuntu which has patched the vulnerability in mysql-8.0 packages (Ubuntu Security), and NetApp which has released updates for affected products including Active IQ Unified Manager and OnCommand Insight (NetApp Advisory).