CVE-2022-21351

7.1 HIGH

📋 TL;DR

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes/hangs) and perform unauthorized data modifications. It affects MySQL Server versions 8.0.27 and earlier. Attackers need only low-privileged database accounts to exploit this vulnerability.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.27 and prior versions of MySQL 8.0
Operating Systems: All operating systems running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access and low-privileged database account. Component: Server Optimizer.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service with MySQL Server becoming unresponsive, combined with unauthorized data modification or deletion in accessible database tables.

🟠 Likely Case

Service disruption through server crashes or hangs, potentially leading to application downtime and data integrity issues.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege access, and monitoring are in place to detect and respond to suspicious queries.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes the vulnerability as 'easily exploitable', requiring only low-privileged access via multiple protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MySQL 8.0.28 and later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2022.html

Restart Required: Yes

Instructions:

1. Download MySQL 8.0.28 or later from Oracle.
2. Back up databases.
3. Stop the MySQL service.
4. Install the updated version.
5. Restart the MySQL service.
6. Verify the version and functionality.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

  • Restrict network access to MySQL servers to only trusted hosts and applications
  • Configure firewall rules to limit access to the MySQL port (default 3306)

Principle of Least Privilege

Applies to: all

  • Minimize database user privileges to only what is necessary for applications
  • REVOKE unnecessary privileges from database users

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit MySQL access
  • Apply database user privilege minimization and monitor for suspicious query patterns

🔍 How to Verify

Check if Vulnerable:

Check the MySQL version with SELECT VERSION(); if the reported version is 8.0.27 or earlier, the server is vulnerable.

Check Version:

SELECT VERSION();

Verify Fix Applied:

After patching, verify version is 8.0.28 or later: SELECT VERSION();
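The version check above, written out as an added Python helper that is not part of the original advisory: it parses the string returned by SELECT VERSION(), including distribution and build suffixes such as 8.0.27-0ubuntu0.20.04.1 (constructed sample values), and applies the affected range stated on this page (MySQL 8.0 at 8.0.27 or earlier; fixed in 8.0.28).

```python
import re

# Affected range stated in the advisory: MySQL 8.0 series, 8.0.27 and prior.
# The first fixed release is 8.0.28.
AFFECTED_SERIES = (8, 0)
FIXED_VERSION = (8, 0, 28)

# VERSION() returns a numeric prefix, optionally followed by a suffix such as
# "-0ubuntu0.20.04.1", "-commercial", "-cluster" or "-log".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(version_string):
    """Return (major, minor, patch) parsed from a SELECT VERSION() result."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_string):
    """True if the version falls in the advisory's affected range.

    Releases outside the 8.0 series (e.g. 5.7.x, or a MariaDB string such as
    10.6.5-MariaDB) are not listed as affected by this advisory and return False.
    """
    major, minor, patch = parse_mysql_version(version_string)
    if (major, minor) != AFFECTED_SERIES:
        return False
    return (major, minor, patch) < FIXED_VERSION


def triage(version_strings):
    """Map each VERSION() result to True (vulnerable) or False (not affected)."""
    return {v: is_affected(v) for v in version_strings}


if __name__ == "__main__":
    # Constructed sample outputs, as one might collect them from a fleet inventory.
    samples = [
        "8.0.27-0ubuntu0.20.04.1",  # distro build of an affected release
        "8.0.26-commercial",        # affected
        "8.0.28",                   # first fixed release
        "8.0.30-cluster",           # later than the fix
        "5.7.36-log",               # outside the 8.0 series covered here
    ]
    for version, vulnerable in triage(samples).items():
        print(f"{version:28} {'VULNERABLE' if vulnerable else 'not affected'}")
```

Suffixed strings like 8.0.27-0ubuntu0.20.04.1 are common on distribution packages, so compare the numeric prefix rather than the whole string.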

📡 Detection & Monitoring

Log Indicators:

  • Unexpected server crashes or restarts
  • Error logs showing optimizer-related failures
  • Multiple failed connection attempts from single sources

Network Indicators:

  • Unusual query patterns from low-privileged accounts
  • High volume of unusually complex queries (every statement passes through the optimizer, so watch for spikes in complex or atypical query shapes)

SIEM Query:

source="mysql.log" AND ("crash" OR "hang" OR "optimizer")
