PT-2023-9562 · Oracle+8 · Mysql Server+7

Publicado

2023-12-07

·

Atualizado

2025-03-17

·

CVE-2024-21241

CVSS v2.0

6.8

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior
Description The issue is related to incorrect clearance or release of resources in the Optimizer component of Oracle MySQL Server. This can be exploited by a remote attacker to cause a denial of service. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of MySQL Server.
Recommendations For MySQL Server versions 8.0.39 and prior, consider restricting network access to minimize the risk of exploitation until a patch is available. For MySQL Server versions 8.4.2 and prior, consider restricting network access to minimize the risk of exploitation until a patch is available. For MySQL Server versions 9.0.1 and prior, consider restricting network access to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404

Identificadores relacionados

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50367
AZL-50409
BDU:2024-08441
CESA-2025_1673
CVE-2024-21241
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673
USN-7102-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linuxmint
Mysql Server
Red Hat
Rocky Linux
Ubuntu