SB2022041947 - Multiple vulnerabilities in MySQL Cluster 




Published: April 19, 2022 Updated: May 3, 2022

Security Bulletin ID SB2022041947
Severity Medium
Patch available YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 57%, Low 43%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2022-21486)

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.


2) Improper input validation (CVE-ID: CVE-2022-21485)

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.


3) Improper input validation (CVE-ID: CVE-2022-21484)

The vulnerability allows a remote privileged user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.


4) Improper input validation (CVE-ID: CVE-2022-21490)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation when parsing Data Node jobs. A remote privileged user can exploit this vulnerability to execute arbitrary code.


5) Buffer overflow (CVE-ID: CVE-2022-21489)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Data Node jobs. A remote user can send a specially crafted request to the database, trigger a buffer overflow and execute arbitrary code on the system.


6) Improper input validation (CVE-ID: CVE-2022-21483)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.


7) Improper input validation (CVE-ID: CVE-2022-21482)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.


Remediation

Install the update from the vendor's website.