OSV:ALSA-2024:0894
Feb 20, 2024 - 12:00 a.m.

Moderate: mysql:8.0 security update

2024-02-20 00:00:00
Google
osv.dev

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8
Confidence: High

EPSS: 0.002
Percentile: 62.2%

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
  • mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
  • mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
  • mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
  • mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
  • mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
  • mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
  • mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
  • mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
  • mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
  • mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
  • mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
  • mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
  • mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
  • mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
  • mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
  • mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
  • mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
  • zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
  • mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
  • mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22452)

References
