Yuanyi Li

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.35 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. Recommendations: For versions 8.0.35 and prior, update to a version later than 8.0.35 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior **Description** The issue allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 8.0.35 and prior, update to a version later than 8.0.35. For MySQL Server versions 8.2.0 and prior, update to a version later than 8.2.0. As a temporary workaround, consider restricting network access to the MySQL Server until a patch is available.

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of the Oracle MySQL Server system management database. This can be exploited by a remote attacker to cause a denial of service using the MySQL protocol. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of the MySQL Server. Recommendations: For MySQL Server versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For MySQL Server versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For MySQL Server versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.