PT-2023-9674 · Oracle+8 · Mysql Server+7

Publicado

2023-12-07

Atualizado

2025-03-17

CVE-2024-21212

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.39 and prior MySQL Server version 8.4.0

Description The issue is related to insufficient input validation in the Server: Health Monitor component of Oracle MySQL Server. It allows a highly privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Recommendations For MySQL Server versions 8.0.39 and prior, update to a version that contains a fix for this issue. For MySQL Server version 8.4.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALSA-2025:1671

ALSA-2025:1673

ALT-PU-2024-14481

ALT-PU-2024-14548

ALT-PU-2024-14706

ALT-PU-2024-14708

AZL-50376

AZL-50433

BDU:2024-09638

CESA-2025_1673

CVE-2024-21212

INFSA-2025_1671

INFSA-2025_1673

OESA-2024-2287

RHSA-2025:1671

RHSA-2025:1673

RHSA-2025_1671

RHSA-2025_1673

RLSA-2025:1671

RLSA-2025:1673

USN-7102-1

Produtos afetados

Alt Linux

Almalinux

Centos

Linuxmint

Mysql Server

Red Hat

Rocky Linux

Ubuntu

PT-2023-9674 · Oracle+8 · Mysql Server+7

CVE-2024-21212

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 217