Jingzhou Fu

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 **Description** Integer wraparound in multiple server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This can lead to arbitrary code execution as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the input provider may cause a segmentation fault, which is an error occurring when a program attempts to access a memory location that it is not allowed to access. **Recommendations** Update to version 18.4 or later. Update to version 17.10 or later. Update to version 16.14 or later. Update to version 15.18 or later. Update to version 14.23 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 9.0.0 through 9.5.0 **Description** An issue exists in the MySQL Server component, specifically within the Optimizer. A low-privileged attacker with network access through multiple protocols can cause a denial-of-service condition, leading to a hang or frequent crashes of the MySQL Server. **Recommendations** Update to a version beyond 9.5.0. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 9.0.0 through 9.5.0 **Description** A flaw exists in the Oracle MySQL Server component, specifically within the Optimizer. A low-privileged attacker with network access through multiple protocols can exploit this issue to cause a denial-of-service condition, leading to a hang or frequent crashes of the MySQL Server. **Recommendations** Update to a version later than 9.5.0.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 8.0.0 through 8.0.42 Oracle MySQL versions 8.4.0 through 8.4.5 Oracle MySQL versions 9.0.0 through 9.3.0 **Description** A vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. A low-privileged attacker with network access can compromise the server through multiple protocols. Successful exploitation can lead to a denial-of-service (DOS) condition, causing a hang or frequent crashes of the MySQL Server. **Recommendations** Update Oracle MySQL to a version beyond 8.0.42. Update Oracle MySQL to a version beyond 8.4.5. Update Oracle MySQL to a version beyond 9.3.0.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.42 MySQL Server versions 8.4.0 through 8.4.5 MySQL Server versions 9.0.0 through 9.3.0 **Description** A vulnerability exists in the Optimizer component of Oracle MySQL Server. A low-privileged attacker with network access can compromise the server through multiple protocols. Successful exploitation can lead to a denial-of-service (DOS) condition, causing a hang or frequent crashes of the MySQL Server. **Recommendations** MySQL Server versions prior to 8.0.43 MySQL Server versions prior to 8.4.6 MySQL Server versions prior to 9.3.1

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, leading to a denial of service. **Recommendations** For MySQL Server versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For MySQL Server versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For MySQL Server versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior **Description** The issue is related to the Server: Optimizer component of MySQL Server, which can be easily exploited by an attacker with low privileges and network access via multiple protocols. This can lead to unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, impacting its availability. The exploitation can occur remotely, allowing the attacker to potentially access or modify protected information and data through the MySQL network protocol. **Recommendations** For versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue. As a temporary workaround, consider restricting network access to MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior **Description** The issue is related to the Server: Optimizer component of MySQL Server, allowing an attacker with low privileges and network access via multiple protocols to compromise the server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, impacting its availability. The vulnerability can be exploited remotely, potentially allowing unauthorized access to protected information and modification, addition, or deletion of data using the MySQL network protocol. **Recommendations** For versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior **Description** The issue is related to an unbounded resource allocation in the MySQL Server product, specifically in the Server: Optimizer component. This can be exploited by a remote attacker with low privileges and network access via multiple protocols, potentially leading to a denial of service (DOS) by causing the MySQL Server to hang or crash repeatedly. The estimated impact is on the availability of the system. **Recommendations** For MySQL Server versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For MySQL Server versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For MySQL Server versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior **Description** The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the Server: X Plugin component, is related to insufficient input validation. This issue can be exploited by a low-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in the ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 8.0.39 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 8.4.2 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 9.0.1 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Server: X Plugin component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version later than 8.0.35 to resolve the issue. For MySQL Server versions 8.2.0 and prior, update to a version later than 8.2.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of the MySQL Server product. This can be exploited by a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 8.2.0 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a low-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version later than 8.0.35 to resolve the issue. For MySQL Server versions 8.2.0 and prior, update to a version later than 8.2.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The vulnerability is related to insufficient input validation in the Server: Optimizer component of the MySQL Server product. This issue can be exploited by a high-privileged attacker with network access via multiple protocols, allowing them to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version later than 8.0.35 to resolve the issue. For MySQL Server versions 8.2.0 and prior, update to a version later than 8.2.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.