PT-2023-9559 · Oracle+8 · Mysql Server+7

Publicado

2023-12-07

·

Atualizado

2025-03-17

·

CVE-2024-21239

CVSS v2.0

6.8

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior
Description The issue is related to the InnoDB component of MySQL Server and can be easily exploited. It allows an attacker with high privileges and network access via multiple protocols to compromise MySQL Server, potentially causing a hang or frequently repeatable crash (complete DOS) of MySQL Server. The exploitation of this vulnerability may be related to incorrect clearance or release of resources.
Recommendations For versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting network access to MySQL Server to minimize the risk of exploitation.

Correção

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404

Identificadores relacionados

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50358
AZL-50441
BDU:2024-08437
CESA-2025_1673
CVE-2024-21239
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673
USN-7102-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linuxmint
Mysql Server
Red Hat
Rocky Linux
Ubuntu