openEuler update for mysql5

1) Improper input validation

EUVDB-ID: #VU62430

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-21460

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-21451

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-21444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU52401

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-2226

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU59792

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-21245

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU52390

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-2202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU52420

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-2171

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU49828

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-2022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU52400

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-2179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU52419

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-2174

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU52394

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-2194

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU49834

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-2032

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU52402

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-2160

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

mysql5-test: before 5.7.38-1

mysql5-server: before 5.7.38-1

mysql5-libs: before 5.7.38-1

mysql5-errmsg: before 5.7.38-1

mysql5-embedded-devel: before 5.7.38-1

mysql5-embedded: before 5.7.38-1

mysql5-devel: before 5.7.38-1

mysql5-debugsource: before 5.7.38-1

mysql5-debuginfo: before 5.7.38-1

mysql5-common: before 5.7.38-1

mysql5: before 5.7.38-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	16
CVE-ID	CVE-2022-21460 CVE-2022-21451 CVE-2022-21417 CVE-2022-21444 CVE-2021-2226 CVE-2022-21427 CVE-2022-21454 CVE-2022-21245 CVE-2021-2202 CVE-2021-2171 CVE-2021-2022 CVE-2021-2179 CVE-2021-2174 CVE-2021-2194 CVE-2021-2032 CVE-2021-2160
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system mysql5-test Operating systems & Components / Operating system package or component mysql5-server Operating systems & Components / Operating system package or component mysql5-libs Operating systems & Components / Operating system package or component mysql5-errmsg Operating systems & Components / Operating system package or component mysql5-embedded-devel Operating systems & Components / Operating system package or component mysql5-embedded Operating systems & Components / Operating system package or component mysql5-devel Operating systems & Components / Operating system package or component mysql5-debugsource Operating systems & Components / Operating system package or component mysql5-debuginfo Operating systems & Components / Operating system package or component mysql5-common Operating systems & Components / Operating system package or component mysql5 Operating systems & Components / Operating system package or component
Vendor	openEuler