Source: mysql-8.0 Version: 8.0.34-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for mysql-8.0. CVE-2023-22032[0]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22059[1]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows low privileged attacker with network access via | multiple protocols to compromise MySQL Server. Successful attacks | of this vulnerability can result in unauthorized ability to cause a | hang or frequently repeatable crash (complete DOS) of MySQL Server. | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22064[2]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior. Easily exploitable vulnerability | allows high privileged attacker with network access via multiple | protocols to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22066[3]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows | high privileged attacker with network access via multiple protocols | to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22068[4]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows | high privileged attacker with network access via multiple protocols | to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22070[5]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22078[6]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22079[7]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior. Easily exploitable vulnerability | allows low privileged attacker with network access via multiple | protocols to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 6.5 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22084[8]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22092[9]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior. Easily exploitable vulnerability | allows high privileged attacker with network access via multiple | protocols to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22097[10]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows | high privileged attacker with network access via multiple protocols | to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22103[11]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior and 8.1.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22112[12]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.34 and prior. Easily exploitable vulnerability | allows high privileged attacker with network access via multiple | protocols to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-22114[13]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows | high privileged attacker with network access via multiple protocols | to compromise MySQL Server. Successful attacks of this | vulnerability can result in unauthorized ability to cause a hang or | frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 | Base Score 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-22032 https://www.cve.org/CVERecord?id=CVE-2023-22032 [1] https://security-tracker.debian.org/tracker/CVE-2023-22059 https://www.cve.org/CVERecord?id=CVE-2023-22059 [2] https://security-tracker.debian.org/tracker/CVE-2023-22064 https://www.cve.org/CVERecord?id=CVE-2023-22064 [3] https://security-tracker.debian.org/tracker/CVE-2023-22066 https://www.cve.org/CVERecord?id=CVE-2023-22066 [4] https://security-tracker.debian.org/tracker/CVE-2023-22068 https://www.cve.org/CVERecord?id=CVE-2023-22068 [5] https://security-tracker.debian.org/tracker/CVE-2023-22070 https://www.cve.org/CVERecord?id=CVE-2023-22070 [6] https://security-tracker.debian.org/tracker/CVE-2023-22078 https://www.cve.org/CVERecord?id=CVE-2023-22078 [7] https://security-tracker.debian.org/tracker/CVE-2023-22079 https://www.cve.org/CVERecord?id=CVE-2023-22079 [8] https://security-tracker.debian.org/tracker/CVE-2023-22084 https://www.cve.org/CVERecord?id=CVE-2023-22084 [9] https://security-tracker.debian.org/tracker/CVE-2023-22092 https://www.cve.org/CVERecord?id=CVE-2023-22092 [10] https://security-tracker.debian.org/tracker/CVE-2023-22097 https://www.cve.org/CVERecord?id=CVE-2023-22097 [11] https://security-tracker.debian.org/tracker/CVE-2023-22103 https://www.cve.org/CVERecord?id=CVE-2023-22103 [12] https://security-tracker.debian.org/tracker/CVE-2023-22112 https://www.cve.org/CVERecord?id=CVE-2023-22112 [13] https://security-tracker.debian.org/tracker/CVE-2023-22114 https://www.cve.org/CVERecord?id=CVE-2023-22114 Regards, Salvatore
