China National Vulnerability DatabaseCNVD-2022-31686Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-31686)
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and MySQL Connectors is one of the drivers for connecting to applications that use MySQL. Oracle MySQL is vulnerable to an input validation error. A vulnerability exists in Oracle MySQL, which allows a highly privileged attacker with network access over multiple protocols to compromise the MySQL server. An attacker could use the vulnerability to cause an unauthorized capability to cause the MySQL server to hang or crash frequently and repeatedly (full DOS), as well as to provide unauthorized read access to a subset of the MySQL server’s accessible data.
Related
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P