Hangfan Zhang

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.30 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.30 and prior, update to a version later than 8.0.30 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Additionally, monitor server performance and logs to quickly identify and respond to potential attacks.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue exists due to insufficient input validation in the Server: Optimizer component of the MySQL Server system. This allows a remote attacker to cause a denial of service. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of the MySQL Server. **Recommendations** For MySQL Server versions 8.0.21 and prior, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: DML component. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the takeover of the MySQL Server or cause a hang or frequently repeatable crash (complete DOS) of the server. **Recommendations** For versions 8.0.21 and prior, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.20 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.20 and prior, update to a version later than 8.0.20 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.20 and prior **Description** The issue is related to insufficient input validation in the Server: DML component of Oracle MySQL Server. This can be exploited by a remote attacker to cause the server to hang or crash, resulting in a denial of service. The vulnerability can be exploited via multiple protocols, and successful attacks can lead to unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.20 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.