PT-2023-9568 · Oracle+6 · Mysql Server+5

Publicado

2023-12-07

·

Atualizado

2025-03-17

·

CVE-2024-21218

CVSS v2.0

6.8

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior
Description The issue is related to the InnoDB component of Oracle MySQL Server and is caused by incorrect clearance or release of resources. It allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Recommendations For versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Correção

DoS

Improper Resource Release

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404CWE-400

Identificadores relacionados

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50390
AZL-50430
BDU:2024-08447
CESA-2025_1673
CVE-2024-21218
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673

Produtos afetados

Alt Linux
Almalinux
Centos
Mysql Server
Red Hat
Rocky Linux