PT-2023-9676 · Oracle+8 · Mysql Server+7

Publicado

2023-12-07

·

Atualizado

2025-03-17

·

CVE-2024-21199

CVSS v2.0

6.8

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior
Description The issue is related to insufficient input validation in the InnoDB component of the MySQL Server. It can be exploited by a remote attacker to cause a denial of service using the MySQL protocol. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of the MySQL Server.
Recommendations For versions 8.0.39 and prior, update to a version that includes the fix for this issue. For versions 8.4.2 and prior, update to a version that includes the fix for this issue. For versions 9.0.1 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50370
AZL-50406
BDU:2024-09657
CESA-2025_1673
CVE-2024-21199
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673
USN-7102-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linuxmint
Mysql Server
Red Hat
Rocky Linux
Ubuntu