Yongheng Chen

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.30 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.30 and prior, update to a version later than 8.0.30 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Additionally, monitor server performance and logs to quickly identify and respond to potential attacks.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue exists due to insufficient input validation in the Server: Optimizer component of the MySQL Server system. This allows a remote attacker to cause a denial of service. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of the MySQL Server. **Recommendations** For MySQL Server versions 8.0.21 and prior, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: DML component. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the takeover of the MySQL Server or cause a hang or frequently repeatable crash (complete DOS) of the server. **Recommendations** For versions 8.0.21 and prior, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lua version 5.4.0 **Description** The issue is related to an integer overflow in the ldebug.c component of the Lua script interpreter. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is demonstrated by the getlocal(3,2^31) function call, which can lead to a negation overflow and segmentation fault in getlocal and setlocal functions. **Recommendations** For Lua version 5.4.0, consider disabling the getlocal and setlocal functions in the ldebug.c component as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using the getlocal function with large input values, such as 2^31, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.20 and prior **Description** The issue is related to insufficient input validation in the Server: DML component of Oracle MySQL Server. This can be exploited by a remote attacker to cause the server to hang or crash, resulting in a denial of service. The vulnerability can be exploited via multiple protocols, and successful attacks can lead to unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.20 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.20 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.20 and prior, update to a version later than 8.0.20 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to an out of bounds read in the SQLite component of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page to obtain potentially sensitive information from process memory. **Recommendations** For Google Chrome versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue.