Bug 1213513 (CVE-2023-22033) - VUL-0: CVE-2023-22033: mariadb,mariadb-100: mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
Summary: VUL-0: CVE-2023-22033: mariadb,mariadb-100: mysql: InnoDB unspecified vulnera...
Status: RESOLVED INVALID
Alias: CVE-2023-22033
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Danilo Spinella
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372901/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22033:4.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-20 12:09 UTC by Stoyan Manolov
Modified: 2023-08-24 14:22 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stoyan Manolov 2023-07-20 12:09:46 UTC 
CVE-2023-22033

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.33 and prior. Difficult to exploit
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server.  Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability
impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22033
https://bugzilla.redhat.com/show_bug.cgi?id=2224214
https://www.cve.org/CVERecord?id=CVE-2023-22033
https://www.oracle.com/security-alerts/cpujul2023.html
Comment 1 Olivier Tilloy 2023-08-24 13:59:31 UTC 
According to https://mariadb.com/kb/en/security-vulnerabilities-in-oracle-mysql-that-did-not-exist-in-mariadb/, this particular CVE doesn't affect mariadb.