CVE-2022-21304 Overview
CVE-2022-21304 is a Denial of Service vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Parser component. This vulnerability allows a high-privileged attacker with network access to cause MySQL Server to hang or crash repeatedly, resulting in complete denial of service for dependent applications and services.
Critical Impact
Successful exploitation enables attackers to cause a complete denial of service condition on MySQL Server, potentially disrupting critical database operations and dependent applications.
Affected Products
- Oracle MySQL 5.7.36 and prior versions
- Oracle MySQL 8.0.27 and prior versions
- NetApp Active IQ Unified Manager (vSphere and Windows)
- NetApp OnCommand Insight
- NetApp OnCommand Workflow Automation
- NetApp SnapCenter
- Fedora 34 and 35
Discovery Timeline
- 2022-01-19 - CVE-2022-21304 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2022-21304
Vulnerability Analysis
This vulnerability resides in the Parser component of MySQL Server. The Parser is responsible for analyzing and interpreting SQL statements before execution. When a malformed or specially crafted query is processed, the parser fails to handle certain edge cases properly, leading to a crash or hang condition.
The vulnerability requires high privileges to exploit, meaning the attacker must already have authenticated access to the MySQL server with elevated permissions. However, once exploited, the impact is severe as it affects the availability of the entire database server, causing service disruption for all connected applications and users.
Root Cause
The root cause of CVE-2022-21304 lies in improper handling of certain input conditions within the MySQL Server Parser component. When processing specific SQL statements, the parser encounters an unhandled exception or enters an infinite loop state, causing the server to become unresponsive or crash. This represents an input validation error where boundary conditions are not properly checked during query parsing.
Attack Vector
The attack is network-based and can be executed through any of the protocols supported by MySQL Server. An authenticated attacker with high privileges can send specially crafted SQL queries to the MySQL server; these queries trigger the parsing vulnerability and put the server into a denial of service state. The vulnerability is easily exploitable because it requires no user interaction and has low attack complexity once the attacker holds the necessary privileges.
The exploitation flow involves:
- Attacker authenticates to MySQL Server with high privileges
- Attacker sends a malformed SQL statement targeting the Parser component
- The Parser fails to properly handle the input
- MySQL Server crashes or hangs, causing complete denial of service
Detection Methods for CVE-2022-21304
Indicators of Compromise
- Unexpected MySQL Server crashes or restarts without clear system resource issues
- MySQL error logs showing parser-related errors or crashes immediately before service interruption
- Repeated connection failures from applications dependent on the MySQL database
- Abnormal or malformed SQL queries in general query logs from privileged accounts
Detection Strategies
- Monitor MySQL error logs for parser component crash signatures and unexpected service terminations
- Implement database activity monitoring to detect unusual query patterns from privileged accounts
- Configure alerting for MySQL service availability to detect denial of service conditions quickly
- Review audit logs for suspicious SQL statements executed by high-privileged users
Monitoring Recommendations
- Enable MySQL general query logging for privileged accounts to capture potentially malicious queries
- Set up automated monitoring for MySQL service uptime with rapid alerting capabilities
- Implement network-level monitoring to detect unusual traffic patterns to MySQL ports
- Configure periodic health checks on MySQL Server to detect hung states before complete failure
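The indicators and detection strategies above boil down to one correlation: a crash signature in the MySQL error log shortly after a statement from a privileged account in the general query log. The following script, added here as an illustration and not part of the advisory, implements that correlation over constructed, simplified sample log lines; the privileged account list, the look-back window and the log formats are assumptions to adapt to your environment (the general log is parsed one statement per line, so multi-line statements are not reassembled).

```python
import re
from datetime import datetime, timedelta

# Accounts the operator treats as high-privileged (assumed list; derive yours
# from mysql.user / SHOW GRANTS rather than hard-coding it).
PRIVILEGED = {"root", "dba_admin"}
WINDOW = timedelta(seconds=5)  # look-back window before each crash signature

# Error-log lines that indicate a crash rather than a clean shutdown.
CRASH_RE = re.compile(r"got signal \d+|Assertion failure|\[ERROR\].*Aborting")
TS_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?)Z")
# General-log lines: "<timestamp>Z <conn id> <Command> <Argument>".
GEN_RE = re.compile(r"^(\S+)Z\s+(\d+)\s+(Connect|Query|Quit)\s*(.*)$")

# Constructed sample logs (simplified format, not real incident data).
ERROR_LOG = """\
2022-01-20T10:15:02.000000Z 0 [System] [Server] /usr/sbin/mysqld: ready for connections.
2022-01-20T10:42:17.000000Z 0 [ERROR] [Server] mysqld got signal 11 ;
2022-01-20T10:42:30.000000Z 0 [System] [Server] /usr/sbin/mysqld: ready for connections.
"""
GENERAL_LOG = """\
2022-01-20T10:41:50.000000Z\t   12 Connect\tapp_user@10.0.0.7 on shop using TCP/IP
2022-01-20T10:42:10.000000Z\t   13 Connect\tdba_admin@10.0.0.5 on  using TCP/IP
2022-01-20T10:42:12.000000Z\t   12 Query\tSELECT id FROM orders LIMIT 1
2022-01-20T10:42:16.500000Z\t   13 Query\tSELECT 1 /* constructed placeholder statement */
2022-01-20T10:42:16.900000Z\t   13 Quit\t
"""

def crash_times(error_log):
    """Timestamps of every crash-signature line in the error log."""
    return [datetime.fromisoformat(m.group(1))
            for line in error_log.splitlines()
            if (m := TS_RE.match(line)) and CRASH_RE.search(line)]

def privileged_queries(general_log):
    """(timestamp, account, statement) for each Query from a privileged account."""
    user_of, out = {}, []  # connection id -> account name
    for line in general_log.splitlines():
        if not (m := GEN_RE.match(line)):
            continue
        ts, cid, cmd, arg = m.groups()
        if cmd == "Connect":
            user_of[cid] = arg.split("@", 1)[0]
        elif cmd == "Query" and user_of.get(cid) in PRIVILEGED:
            out.append((datetime.fromisoformat(ts), user_of[cid], arg))
    return out

def suspects(error_log, general_log):
    """Privileged statements issued within WINDOW before each crash signature."""
    queries = privileged_queries(general_log)
    return [(crash, user, stmt) for crash in crash_times(error_log)
            for ts, user, stmt in queries if crash - WINDOW <= ts <= crash]
```

Run `suspects(ERROR_LOG, GENERAL_LOG)` against the samples and it flags the dba_admin statement issued half a second before the signal 11 line, while the unprivileged app_user query in the same window is ignored.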
How to Mitigate CVE-2022-21304
Immediate Actions Required
- Upgrade Oracle MySQL to version 5.7.37 or later (for 5.7.x branch) or 8.0.28 or later (for 8.0.x branch)
- Review and restrict high-privilege MySQL accounts to minimize attack surface
- Implement network segmentation to limit which systems can connect to MySQL servers
- Enable comprehensive logging to detect potential exploitation attempts
Patch Information
Oracle has addressed this vulnerability in the January 2022 Critical Patch Update. Organizations should apply the latest security patches from the Oracle Security Alert for January 2022. For NetApp products, refer to the NetApp Security Advisory for specific patch guidance. Fedora users should update MySQL packages through their distribution's package manager as described in the Fedora Package Announcements.
Workarounds
- Restrict network access to MySQL Server to only trusted hosts and networks using firewall rules
- Implement strict privilege management by limiting the number of accounts with high-level database privileges
- Enable MySQL audit plugins to log and monitor all privileged user activity
- Configure connection limits and timeouts to reduce the impact of potential denial of service attacks
# Configuration example for restricting MySQL network access
# Add to MySQL configuration file (my.cnf or my.ini)
[mysqld]
# Bind MySQL to specific interface instead of all interfaces
bind-address = 127.0.0.1
# Limit maximum connections to reduce DoS impact
max_connections = 100
# Set connection timeout to prevent hung connections
wait_timeout = 300
interactive_timeout = 300
# Enable the general query log (it records statements from all accounts; filter by privileged users when reviewing)
general_log = 1
general_log_file = /var/log/mysql/mysql.log
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

