CVE-2023-22104: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in the MySQL Server product of Oracle MySQL (component: InnoDB), affecting versions 8.0.32 and prior. This vulnerability (CVE-2023-22104) allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, has unchanged scope, and primarily impacts system availability (NIST NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability specifically affects the availability of the system while having no direct impact on confidentiality or integrity (Oracle Advisory).

The vulnerability has been fixed in MySQL version 8.0.33. Organizations running affected versions should upgrade to the patched version. Ubuntu has released fixes for various distributions including version 8.0.33-0ubuntu1 for Ubuntu 24.10, 24.04 LTS, 23.10, and version 8.0.33-0ubuntu0.22.04.1 for Ubuntu 22.04 LTS (Ubuntu Security).