PT-2023-9570 · Oracle+8 · Mysql Server+7

Jie Liang

+3

·

Publicado

2023-12-07

·

Atualizado

2025-03-17

·

CVE-2024-21230

CVSS v2.0

6.8

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Oracle MySQL Server versions 8.0.39 and prior Oracle MySQL Server versions 8.4.2 and prior Oracle MySQL Server versions 9.0.1 and prior
Description The issue is related to incorrect resource cleanup or deallocation in the Server: Optimizer component of Oracle MySQL Server, allowing a low-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Recommendations For Oracle MySQL Server versions 8.0.39 and prior: Upgrade to a version later than 8.0.39. For Oracle MySQL Server versions 8.4.2 and prior: Upgrade to a version later than 8.4.2. For Oracle MySQL Server versions 9.0.1 and prior: Upgrade to a version later than 9.0.1. As a temporary workaround, consider restricting access to the Server: Optimizer component until a patch is available.

Correção

DoS

Improper Resource Release

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404CWE-400

Identificadores relacionados

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50402
AZL-50426
BDU:2024-08449
CESA-2025_1673
CVE-2024-21230
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673
USN-7102-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linuxmint
Mysql Server
Red Hat
Rocky Linux
Ubuntu