Which versions of MySQL are affected by CVE-2023-22026?

The affected versions are MySQL 5.7.42 and prior, and MySQL 8.0.31 and prior.

What is the severity of CVE-2023-22026?

The severity of CVE-2023-22026 is medium with a severity value of 4.9.

How can an attacker exploit CVE-2023-22026?

An attacker with high privileged access via multiple protocols can exploit CVE-2023-22026.

Is there a fix available for CVE-2023-22026?

Ensure that you have updated to MySQL version 5.7.43 or 8.0.32, as these versions contain the fix for CVE-2023-22026.

Vulnerability/
CVE-2023-22026

medium

4.9

17/10/2023

2/8/2024

CVE-2023-22026

Q: What is CVE-2023-22026?

CVE-2023-22026 is a vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

First published: Tue Oct 17 2023(Updated: )

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
ubuntu/mysql-5.7	<5.7.43-0ubuntu0.16.04.1+	5.7.43-0ubuntu0.16.04.1+
ubuntu/mysql-5.7	<5.7.43-0ubuntu0.18.04.1+	5.7.43-0ubuntu0.18.04.1+
ubuntu/mysql-5.7	<5.7.43	5.7.43
ubuntu/mysql-8.0	<8.0.32-0	8.0.32-0
ubuntu/mysql-8.0	<8.0.32-0	8.0.32-0
ubuntu/mysql-8.0	<8.0.32-0ubuntu2	8.0.32-0ubuntu2
ubuntu/mysql-8.0	<8.0.32-0ubuntu2	8.0.32-0ubuntu2
ubuntu/mysql-8.0	<8.0.32	8.0.32
debian/mysql-8.0		8.0.36-2
MySQL	>=5.0.0<=5.7.42
MySQL	>=8.0<=8.0.31
NetApp OnCommand Insight

Remedy

https://www.oracle.com/security-alerts/cpuoct2023.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6288-2

Frequently Asked Questions

What is CVE-2023-22026?
CVE-2023-22026 is a vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
Which versions of MySQL are affected by CVE-2023-22026?
The affected versions are MySQL 5.7.42 and prior, and MySQL 8.0.31 and prior.
What is the severity of CVE-2023-22026?
The severity of CVE-2023-22026 is medium with a severity value of 4.9.
How can an attacker exploit CVE-2023-22026?
An attacker with high privileged access via multiple protocols can exploit CVE-2023-22026.
Is there a fix available for CVE-2023-22026?
Ensure that you have updated to MySQL version 5.7.43 or 8.0.32, as these versions contain the fix for CVE-2023-22026.

agent/type
agent/remedy
agent/severity
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
agent/first-publish-date
agent/author
collector/launchpad-cve
source/Launchpad
agent/description
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-index
package-manager/ubuntu
package-manager/debian
vendor/oracle
canonical/mysql
version/mysql/5.0.0
version/mysql/5.7.42
version/mysql/8.0
version/mysql/8.0.31
vendor/netapp
canonical/netapp oncommand insight