Zongrui Peng

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 **Description** The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.0 through 8.0.41, update to a version outside of this range to resolve the issue. For versions 8.4.0 through 8.4.4, update to a version outside of this range to resolve the issue. For versions 9.0.0 through 9.2.0, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior **Description** The issue is related to an unbounded resource allocation in the MySQL Server product, specifically in the Server: Optimizer component. This can be exploited by a remote attacker with low privileges and network access via multiple protocols, potentially leading to a denial of service (DOS) by causing the MySQL Server to hang or crash repeatedly. The estimated impact is on the availability of the system. **Recommendations** For MySQL Server versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For MySQL Server versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For MySQL Server versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior **Description** The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the Server: X Plugin component, is related to insufficient input validation. This issue can be exploited by a low-privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in the ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 8.0.39 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 8.4.2 and prior, update to a version that includes the fix for this issue. For MySQL Server versions 9.0.1 and prior, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Server: X Plugin component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.39 and prior Oracle MySQL Server versions 8.4.2 and prior Oracle MySQL Server versions 9.0.1 and prior **Description** The issue is related to incorrect resource cleanup or deallocation in the Server: Optimizer component of Oracle MySQL Server, allowing a low-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For Oracle MySQL Server versions 8.0.39 and prior: Upgrade to a version later than 8.0.39. For Oracle MySQL Server versions 8.4.2 and prior: Upgrade to a version later than 8.4.2. For Oracle MySQL Server versions 9.0.1 and prior: Upgrade to a version later than 9.0.1. As a temporary workaround, consider restricting access to the Server: Optimizer component until a patch is available.