Gianluca Danesin

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Cluster versions 8.0.25 and prior **Description** The issue exists due to insufficient input validation in the Cluster: JS module of the Oracle MySQL Cluster system. This allows a remote attacker to cause a partial denial of service (DOS) of MySQL Cluster via multiple protocols. The attacker does not need authentication and can access the system through the network. Successful exploitation can result in unauthorized ability to cause a partial denial of service. **Recommendations** For versions 8.0.25 and prior, consider restricting network access to the Cluster: JS module until a patch is available. As a temporary workaround, limit the use of the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue is related to errors in resource release in the MySQL Server: Optimizer component. It allows a remote attacker to cause a denial of service. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols, resulting in the ability to cause a hang or frequently repeatable crash of the MySQL Server. **Recommendations** For versions 8.0.21 and prior, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.