Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2022-21317 · Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

No description was published by MSRC.

Severity
None
Impact
None
CVSS
2.9 base · 2.9 temporal
Release
2022-01-25
Signals
Mariner None Exploited: n/a Publicly disclosed: n/a Exploitability: n/a
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
No description was published by MSRC.
FAQ / Articles
FAQ
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.