CVE-2023-22084
mariadb-10.3 - security update
Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
How to fix CVE-2023-22084
To remediate CVE-2023-22084, upgrade the affected package to a fixed version below.
- Upgrade to 10.6.16-r0 or later
- Upgrade to 10.4.32 or later
- Upgrade to 10.4.32 or later
- Upgrade to 10.4.32 or later
- Upgrade to 1:10.11.6-0+deb12u1 or later
- Upgrade to 1:10.3.39-0+deb10u2 or later
- Upgrade to 1:10.5.23-0+deb11u1 or later
Is CVE-2023-22084 being exploited?
Moderate — EPSS is 7.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (7)
- from 0, < 10.6.16-r0
- from 0, < 10.4.32; >= 10.5.0, < 10.5.23; >= 10.6.0, < 10.6.16; >= 10.7.0, < 10.10.7; >= 10.11.0, < 10.11.6; >= 11.0.0, < 11.0.4; >= 11.1.0, < 11.1.3; >= 11.2.0, < 11.2.2
- from 0, < 10.4.32; >= 10.5.0, < 10.5.23; >= 10.6.0, < 10.6.16; >= 10.7.0, < 10.10.7; >= 10.11.0, < 10.11.6; >= 11.0.0, < 11.0.4; >= 11.1.0, < 11.1.3; >= 11.2.0, < 11.2.2
- from 0, < 10.4.32; >= 10.5.0, < 10.5.23; >= 10.6.0, < 10.6.16; >= 10.7.0, < 10.10.7; >= 10.11.0, < 10.11.6; >= 11.0.0, < 11.0.4; >= 11.1.0, < 11.1.3; >= 11.2.0, < 11.2.2
- from 0, < 1:10.11.6-0+deb12u1
- from 0, < 1:10.3.39-0+deb10u2
- from 0, < 1:10.5.23-0+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |