Vulnerability Summary:
Advisory IDs: ZDI-22-108, ZDI-CAN-14499
CVE ID: CVE-2022-21323
CVSS Score: 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Vendors: Oracle
Affected Products: MySQL Cluster

Vulnerability Details:
- This vulnerability in Oracle MySQL Cluster allows remote attackers to disclose sensitive information due to improper validation of user-supplied array indices.
- The issue stems from inadequate validation, which leads to a read past the end of an array. An attacker can combine it with other vulnerabilities to achieve arbitrary code execution.

Vendor Update:
Oracle released a fix; more details are available here.

Disclosure Timeline:
- 2021-07-23: Vulnerability reported to vendor
- 2022-01-21: Coordinated public release of advisory

Credit:
Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative.