Red Team or Advanced Rogue attacker can exploit this vulnerability to cause a crash or hang of MySQL Server.
CVSS 3.0 Base Score 5.3 (System information disclosure). Critical - If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses
Mitigation and Detection
Mitigation and Detection
CVE-2022-21641
Red Team or Advanced Rogue attacker can exploit this vulnerability to cause a crash or hang of MySQL Server.
Overview
There are 2 fields in the DB structure that are susceptible to causing a crash or hang of MySQL server.
The "field_name" and "field_table_name" field in the “information_schema” table for users with permissions to do so.
The “table” field in the “arbitrary_table” table.
Upgrade MySQL to version 5.6.x as soon as possible
Upgrade MySQL to version 5.6.x as soon as possible
Vulnerable code:
#define mysql_e_stmt_completed NULL
#define mysql_e_stmt_completed NULL
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC