CERT-FR has issued an advisory regarding critical vulnerabilities discovered in Oracle MySQL, highlighting significant risks for users of the specified versions.
Advisory Reference: CERTFR-2023-AVI-0863
Publication Date: October 18, 2023
Source: Oracle Security Bulletin cpuoct2023 dated October 17, 2023, and Oracle Security Bulletin cpuoct2023verbose dated October 17, 2023
Identified Risks:
- Remote Code Execution
- Remote Denial of Service
- Compromise of Data Integrity
- Compromise of Data Confidentiality
Affected Systems:
- MySQL Enterprise Monitor – versions 8.0.35 and earlier
- MySQL Cluster – versions 8.0.34 and earlier, version 8.1.0
- MySQL Connectors – versions 8.1.0 and earlier
- MySQL Installer – versions earlier than 1.6.8
- MySQL Server – versions 5.7.43 and earlier, versions 8.0.35 and earlier, version 8.1.0
Summary of Vulnerabilities: Multiple vulnerabilities have been identified in Oracle MySQL. Some of them allow an attacker to execute code remotely, cause a remote denial of service, and compromise data integrity.
Recommended Solution: Users are advised to refer to the vendor's security bulletin to obtain the necessary patches (see the Documentation section for details).
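To triage an inventory against the Affected Systems list above, the following added example (not part of the CERT-FR advisory or of Oracle's bulletin) compares reported version strings with the listed bounds. The product keys, function names and sample inventory are assumptions made for illustration, as is the choice to apply each bound within its own x.y release series and to treat older series as covered by "and earlier".

```python
import re

# Upper bounds transcribed from the "Affected Systems" list above.
# Each entry is (version, inclusive) and applies within its own x.y release series;
# "version 8.1.0" is encoded as an inclusive bound on the 8.1 series.
AFFECTED = {
    "enterprise-monitor": [((8, 0, 35), True)],
    "cluster": [((8, 0, 34), True), ((8, 1, 0), True)],
    "connectors": [((8, 1, 0), True)],
    "installer": [((1, 6, 8), False)],  # "earlier than 1.6.8"
    "server": [((5, 7, 43), True), ((8, 0, 35), True), ((8, 1, 0), True)],
}

def parse_version(text):
    """Return (major, minor, patch) from e.g. '8.0.34-0ubuntu0.22.04.1' or '5.7.43-log'."""
    if "mariadb" in text.lower():
        raise ValueError(f"{text!r} is MariaDB, which this advisory does not cover")
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(product, version_text):
    v = parse_version(version_text)
    bounds = sorted(AFFECTED[product])
    # Assumption: a series older than the oldest listed one falls under "and earlier".
    if v[:2] < bounds[0][0][:2]:
        return True
    for bound, inclusive in bounds:
        if v[:2] == bound[:2]:
            return v <= bound if inclusive else v < bound
    return False  # no listed bound covers this series

def triage(inventory):
    """Return the (host, product, version) rows that fall inside the listed ranges."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("db-01", "server", "8.0.34-0ubuntu0.22.04.1"),
    ("db-02", "server", "5.7.44-log"),
    ("db-03", "server", "8.2.0"),
    ("app-01", "connectors", "8.0.33"),
    ("wks-01", "installer", "1.6.8"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE):
        print(f"{host}: {product} {version} is in an affected range")
```

The result reflects only the version list on this page; the vendor bulletin remains the reference for which release fixes which product.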