Bug 1213513 (CVE-2023-22033)

Summary: VUL-0: CVE-2023-22033: mariadb,mariadb-100: mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
Product: [Novell Products] SUSE Security Incidents
Reporter: Stoyan Manolov <stoyan.manolov>
Component: Incidents
Assignee: Danilo Spinella <danilo.spinella>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: olivier.tilloy, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372901/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22033:4.4:(AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Stoyan Manolov 2023-07-20 12:09:46 UTC
CVE-2023-22033

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.33 and prior. Difficult to exploit
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server.  Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability
impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22033
https://bugzilla.redhat.com/show_bug.cgi?id=2224214
https://www.cve.org/CVERecord?id=CVE-2023-22033
https://www.oracle.com/security-alerts/cpujul2023.html

Comment 1 Olivier Tilloy 2023-08-24 13:59:31 UTC
According to https://mariadb.com/kb/en/security-vulnerabilities-in-oracle-mysql-that-did-not-exist-in-mariadb/, this particular CVE doesn't affect mariadb.