CVE-2023-21920 - Vulnerability in MySQL Server Optimizer Allowing High Privileged Attackers to Cause Denial of Service (DoS) Attacks

Recently, a new vulnerability was disclosed in the MySQL Server product of Oracle MySQL under the identifier CVE-2023-21920. It affects the server's optimizer component; supported versions 8.0.32 and prior are affected. In this post, we discuss the vulnerability in detail, provide a code snippet sketching how it would be triggered, and include links to the original references for more information.

Background

MySQL is a widely used open-source relational database management system (RDBMS). Oracle provides a suite of tools and libraries that allow organizations and developers to utilize MySQL's features. With its wide use, it is crucial to be aware of potential vulnerabilities that might put your applications and infrastructure at risk.

Exploit Details

The CVE-2023-21920 vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. If successfully exploited, the attacker can cause a hang or a frequently repeatable crash (complete Denial of Service, DoS) of the MySQL Server, impacting its availability.

This vulnerability has a CVSS 3.1 Base Score of 4.9. The score reflects an availability-only impact (C:N, I:N, A:H) combined with the requirement for high privileges (PR:H), which is why the rating is moderate despite the complete DoS outcome. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

The following snippet sketches the attack path (an authenticated, high-privileged network connection followed by a query the optimizer mishandles); the specific query that triggers the fault is not published here:

/* CVE-2023-21920 POC - MySQL Server Optimizer Vulnerability */
/* Attacker MySQL High Privileged User Connection */
/* Assume the attacker has network access and high privileged credentials */

/* Access the vulnerable MySQL Server */
$ mysql -u attacker_high_priv_user -pattacker_password -h vulnerable_mysql_server_host

/* In the MySQL prompt, execute the following SQL command */
/* This command exploits the optimizer vulnerability, causing a DoS */
SELECT /* ...Exploiting CVE-2023-21920... */ FROM vulnerable_table;

This snippet assumes that the attacker has network access to the vulnerable MySQL Server and holds high-privileged user credentials. The SELECT statement is a placeholder standing in for a query that the MySQL optimizer mishandles; the page does not publish the triggering query. When the optimizer fault is hit, the server hangs or crashes in a frequently repeatable way, resulting in a Denial of Service (DoS).

For more information about this vulnerability, you can check the following references:

1. Official Oracle Advisory: https://www.oracle.com/security-alerts/cpujul2023.html
2. MySQL Server Documentation: https://dev.mysql.com/doc/
3. CVE-2023-21920 Detail: https://nvd.nist.gov/vuln/detail/CVE-2023-21920
4. CVSS 3.1 Standard: https://www.first.org/cvss/specification-document

Conclusion

The CVE-2023-21920 vulnerability poses a significant risk to organizations and developers using the MySQL Server product. It is essential to understand the impact and implications of this vulnerability and apply the necessary patches or updates as soon as possible to ensure the security and availability of your MySQL infrastructure.
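A quick way to triage a fleet against this advisory is to collect each server's SELECT VERSION() output and compare it with the affected ceiling the advisory states (8.0.32 and prior). The following is an added example, not part of the advisory or of MySQL itself: the version strings are constructed samples in the format VERSION() returns, and the check assumes, as the advisory text names only the 8.0 series, that other series are reported as unknown rather than guessed.

```python
"""Triage MySQL VERSION() values against the advisory's affected range.

Added example, not code from the advisory.  Sample version strings below
are constructed, not captured from real hosts.
"""
import re

# Affected ceiling taken from the advisory text: "8.0.32 and prior".
AFFECTED_MAX = (8, 0, 32)

# Leading X.Y.Z of a VERSION() value; distro or build suffixes follow it.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Parse '8.0.32-0ubuntu0.22.04.2' or '8.0.33' into (8, 0, 32) / (8, 0, 33).
    Anything after the third number (e.g. '-log', '-commercial') is ignored."""
    m = VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_string):
    """Return 'affected', 'patched' or 'unknown' for one VERSION() value.

    Assumption: the advisory names only the 8.0 series, so a server on
    another series is reported as 'unknown' and must be checked against
    Oracle's own patch matrix instead of being guessed here."""
    v = parse_version(version_string)
    if v[:2] != (8, 0):
        return "unknown"
    return "affected" if v <= AFFECTED_MAX else "patched"


# Constructed sample values, in the shape SELECT VERSION() returns.
SAMPLE_VERSIONS = [
    "8.0.32-0ubuntu0.22.04.2",   # distro build of the last affected release
    "8.0.33",                    # first release above the advisory's ceiling
    "8.0.28-commercial",         # older 8.0 build, inside the affected range
    "5.7.41-log",                # different series, not covered by this text
]


def assess_all(versions=SAMPLE_VERSIONS):
    """Map each version string to its verdict; used for a fleet-wide report."""
    return {v: assess(v) for v in versions}


if __name__ == "__main__":
    for version, verdict in assess_all().items():
        print(f"{version:28} {verdict}")
```

In practice the input list comes from running SELECT VERSION() on each server (or from an inventory export); the tuple comparison is what makes "8.0.32 and prior" precise, since a string comparison would mis-order 8.0.9 against 8.0.32.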

Timeline

Published on: 04/18/2023 20:15:00 UTC
Last modified on: 04/27/2023 15:15:00 UTC