What is CVE-2023-21940?

Oracle MySQL Server has a medium-severity vulnerability that can lead to a denial of service. Affected versions include 8.0.32 and earlier. Immediate patching is advised to mitigate risks.

What is the severity of CVE-2023-21940?

CVE-2023-21940 has a severity rating of MEDIUM with a CVSS base score of 4.4.

CVE-2023-21940 | Medium Vulnerability in Oracle MySQL Server

CVE-2023-21940 is a vulnerability found in the MySQL Server product of Oracle MySQL, specifically within the Server: Components Services component. This vulnerability affects supported versions up to 8.0.32 and prior, posing a medium severity level with a CVSS score of 4.4. The vulnerability is characterized as difficult to exploit, allowing a high privileged attacker with network access via multiple protocols to compromise the MySQL Server.

Successful exploitation can lead to a denial of service (DoS), causing the MySQL Server to hang or crash frequently. Given the potential impact on availability, organizations that utilize affected versions should prioritize addressing this vulnerability promptly.

Organizations should take immediate action to mitigate risks associated with this vulnerability, as it can severely disrupt operations. Patching should be prioritized to ensure the integrity and availability of the MySQL Server environment.

While there are no known public exploits or proof of concepts at this time, the vulnerabilities of this nature often attract attackers, making timely remediation essential.

Vulnerability Details

The official description of CVE-2023-21940 states that the vulnerability allows high privileged attackers to compromise MySQL Server through network access. The CVSS 3.1 Base Score is 4.4, with the following vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Affected products include Oracle MySQL Server version 8.0.32 and prior. The publication date of this vulnerability was April 18, 2023.

Technical Analysis

The root cause of CVE-2023-21940 lies in the MySQL Server's handling of requests over the network. Attackers may leverage this vulnerability to execute denial of service attacks by sending crafted requests to the server. The attack complexity is rated as high, requiring significant privileges, and user interaction is not needed.

The attack vector is classified as network-based, meaning an attacker must have network access to the MySQL Server. The confidentiality and integrity impacts are rated as none, but the availability impact is high, potentially resulting in significant disruption to services.

Risk & Impact Analysis

Risk to organizations includes potential downtime of MySQL Server instances, which can lead to loss of access to critical data and disruption of business operations. Given the availability impact, organizations should assess their exposure and implement necessary remediation strategies.

Although the CVSS score is 4.4, indicating a medium level of severity, the urgency for patching should not be underestimated. Organizations should schedule remediation as part of their priority patch cycle, particularly those with high availability requirements.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include MySQL Server 8.0.32 and prior. Organizations using these versions should prioritize updates.

Mitigation & Remediation

Organizations are advised to patch their MySQL Server to the latest version as part of their remediation strategy. More details on the patch can be found in the Oracle Critical Patch Update Advisory.

Penetration testing can also help identify similar vulnerabilities in the environment.

Detection Guidance

Monitoring for unusual MySQL Server behavior, such as frequent crashes or hangs, can provide early indicators of exploitation attempts. Log analysis should focus on connection attempts and request patterns.

AppSecure Threat Intelligence Insight

CVE-2023-21940 highlights ongoing challenges in securing database management systems against denial of service attacks. Organizations must remain vigilant and prioritize security assessments to mitigate potential risks. For detailed security assessments, organizations can refer to our vulnerability management program to strengthen their security posture.

To further enhance security, consider implementing best practices in penetration testing methodology and engage in regular security audits.

For organizations utilizing cloud environments, exploring our cloud penetration testing guide can provide additional insights into securing database services.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-21940: Medium Vulnerability in Oracle MySQL Server