CVE-2023-21963 LOW

CVE-2023-21963

Vendor Oracle Corporation

Product MySQL Server

Published April 18, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

2.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Key dates

02Disclosure timeline

April 18, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21963

Identifiers

CVE CVE-2023-21963

CVSS 2.7 / LOW

Affected versions

Vendor Oracle Corporation

Product MySQL Server

Affected 5.7.40 and prior

Vendor Oracle Corporation

Product MySQL Server

Affected 8.0.31 and prior