CVE-2022-21278 Overview
CVE-2022-21278 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. This easily exploitable vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful exploitation can result in unauthorized ability to cause a hang or frequently repeatable crash (complete denial of service) of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data.
Critical Impact
This vulnerability enables denial of service attacks and unauthorized data modification against MySQL Server versions 8.0.26 and prior, potentially causing significant service disruption and data integrity issues in production environments.
Affected Products
- Oracle MySQL Server versions 8.0.26 and prior
- NetApp OnCommand Insight
- NetApp OnCommand Workflow Automation
Discovery Timeline
- January 19, 2022 - CVE-2022-21278 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2022-21278
Vulnerability Analysis
The vulnerability resides in the Server: Optimizer component of Oracle MySQL. The Optimizer is responsible for determining the most efficient execution plan for SQL queries. A flaw in this component allows attackers with low-privilege database access to craft malicious queries that trigger abnormal behavior in the query optimization process.
The attack can be executed over the network using multiple protocols supported by MySQL, making it accessible from remote locations. When exploited, the vulnerability causes the MySQL Server to either hang indefinitely or crash repeatedly, resulting in a complete denial of service. Additionally, the vulnerability permits unauthorized modification operations (update, insert, delete) on certain accessible data within the MySQL Server.
Root Cause
The root cause stems from improper handling within the MySQL Server's Optimizer component. While Oracle has not disclosed specific technical details about the exact nature of the flaw (classified as NVD-CWE-noinfo), the vulnerability appears to involve insufficient validation or boundary checking during query optimization operations, allowing crafted inputs to trigger resource exhaustion or memory corruption scenarios.
Attack Vector
The vulnerability is exploitable over the network by authenticated users with low-privilege access to the MySQL Server. The attack requires no user interaction and can be executed through multiple MySQL-supported protocols. An attacker needs only basic database connectivity and minimal credentials to launch the attack. The ease of exploitation combined with the potential for service disruption makes this vulnerability particularly concerning for production database environments.
The attack primarily targets availability by causing server hangs or crashes, but also enables limited integrity violations through unauthorized data manipulation capabilities.
Detection Methods for CVE-2022-21278
Indicators of Compromise
- Unexpected MySQL Server crashes or hangs occurring repeatedly
- Unusual query patterns in MySQL slow query logs, particularly complex optimization-intensive queries
- Authentication attempts from unexpected IP addresses with low-privilege accounts
- Abnormal resource consumption (CPU/memory spikes) during query processing
Detection Strategies
- Monitor MySQL error logs for repeated crash events or optimizer-related errors
- Implement database activity monitoring to identify anomalous query patterns targeting the optimizer
- Configure alerting on MySQL Server availability metrics and unexpected restarts
- Review audit logs for low-privilege accounts executing unusual data modification operations
Monitoring Recommendations
- Enable MySQL general query log or slow query log during investigation periods
- Deploy network-based intrusion detection to identify malicious MySQL protocol traffic
- Implement application performance monitoring (APM) to detect service degradation patterns
- Configure automated alerting for MySQL Server availability and health checks
How to Mitigate CVE-2022-21278
Immediate Actions Required
- Upgrade MySQL Server to versions newer than 8.0.26 that contain the security patch
- Review and restrict database user privileges to minimum required access levels
- Implement network segmentation to limit MySQL Server exposure
- Monitor for exploitation attempts while planning upgrade activities
Patch Information
Oracle has released security patches addressing this vulnerability as part of the January 2022 Critical Patch Update. Administrators should consult the Oracle Security Alert January 2022 for detailed patch information and download instructions. NetApp customers should also review the NetApp Security Advisory NTAP-20220121-0008 for guidance on affected NetApp products.
Workarounds
- Restrict network access to MySQL Server using firewall rules to trusted IP addresses only
- Enforce strict privilege management, revoking unnecessary permissions from database accounts
- Implement connection rate limiting to reduce the impact of potential exploitation attempts
- Consider deploying a database firewall or proxy to filter potentially malicious queries
# Example: Restrict MySQL network access via iptables
iptables -A INPUT -p tcp --dport 3306 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
# Example: Review user privileges in MySQL
mysql -e "SELECT user, host, Super_priv, Process_priv FROM mysql.user;"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
