CVE-2023-22070: 
MySQL vulnerability analysis and mitigation

CVE-2023-22070 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. The vulnerability affects MySQL versions 8.0.34 and prior, as well as version 8.1.0. This security flaw was disclosed as part of Oracle's Critical Patch Update in October 2023 (Oracle Advisory).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (Oracle Advisory).

Oracle has released patches to address this vulnerability in their October 2023 Critical Patch Update. Users are advised to upgrade to MySQL version 8.0.35 or later. Various vendors have also released patches for their products incorporating MySQL, including NetApp which has provided fixes for affected products such as Active IQ Unified Manager and OnCommand Insight (NetApp Advisory).