PT-2020-2406 · Oracle+6 · Mysql Server+5

Julien Ahrens

·

Published

2020-04-14

·

Updated

2021-12-30

·

CVE-2020-2774

CVSS v2.0

6.8

Medium

VectorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Oracle MySQL Server versions 8.0.18 and prior
Description The issue is related to insufficient access control in the Server:Security:Privileges component of Oracle MySQL Server. It can be exploited by a remote attacker to cause a denial of service via the MySQL network protocol. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of MySQL Server.
Recommendations For versions 8.0.18 and prior, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALSA-2020:3732
ALT-PU-2020-1885
ALT-PU-2020-1904
BDU:2020-02378
CESA-2020_3732
CVE-2020-2774
RHSA-2020:3518
RHSA-2020:3732
RHSA-2020:3755
RHSA-2020:3757
RHSA-2020_3732
RLSA-2020:3732

Affected Products

Alt Linux
Almalinux
Centos
Mysql Server
Red Hat
Rocky Linux