Bug 2196673 (CVE-2023-21971) - CVE-2023-21971 mysql-connector-java: Connector/J unspecified vulnerability (CPU April 2023)
Keywords:
Status: NEW
Alias: CVE-2023-21971
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2196674
Blocks: 2196675
Reported: 2023-05-09 19:54 UTC by Mauro Matteo Cascella
Modified: 2024-08-01 08:28 UTC

Fixed In Version: mysql-connector-java 8.0.33
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Mauro Matteo Cascella 2023-05-09 19:54:58 UTC
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-21971
https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL

Comment 1 Mauro Matteo Cascella 2023-05-09 19:55:24 UTC
Created mysql-connector-java tracking bugs for this issue:

Affects: fedora-all [bug 2196674]

