Lucene search

K
amazonAmazonALAS-2023-1878
HistoryOct 30, 2023 - 11:31 p.m.

Medium: mysql57

2023-10-3023:31:00
alas.aws.amazon.com
14
mysql server
oracle mysql
vulnerability
unauthorized access
dos attacks
cvss 3.1
cve-2023-22053

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

56.7%

Issue Overview:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H). (CVE-2023-22053)

Affected Packages:

mysql57

Issue Correction:
Run yum update mysql57 to update your system.

New Packages:

i686:  
    mysql57-common-5.7.43-1.20.amzn1.i686  
    mysql57-embedded-devel-5.7.43-1.20.amzn1.i686  
    mysql57-test-5.7.43-1.20.amzn1.i686  
    mysql57-debuginfo-5.7.43-1.20.amzn1.i686  
    mysql57-embedded-5.7.43-1.20.amzn1.i686  
    mysql57-5.7.43-1.20.amzn1.i686  
    mysql57-libs-5.7.43-1.20.amzn1.i686  
    mysql57-errmsg-5.7.43-1.20.amzn1.i686  
    mysql57-server-5.7.43-1.20.amzn1.i686  
    mysql57-devel-5.7.43-1.20.amzn1.i686  
  
src:  
    mysql57-5.7.43-1.20.amzn1.src  
  
x86_64:  
    mysql57-common-5.7.43-1.20.amzn1.x86_64  
    mysql57-5.7.43-1.20.amzn1.x86_64  
    mysql57-server-5.7.43-1.20.amzn1.x86_64  
    mysql57-embedded-5.7.43-1.20.amzn1.x86_64  
    mysql57-libs-5.7.43-1.20.amzn1.x86_64  
    mysql57-test-5.7.43-1.20.amzn1.x86_64  
    mysql57-devel-5.7.43-1.20.amzn1.x86_64  
    mysql57-embedded-devel-5.7.43-1.20.amzn1.x86_64  
    mysql57-debuginfo-5.7.43-1.20.amzn1.x86_64  
    mysql57-errmsg-5.7.43-1.20.amzn1.x86_64  

Additional References

Red Hat: CVE-2023-22053

Mitre: CVE-2023-22053

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

56.7%