CVE-2024-21238

Name of the Vulnerable Software and Affected Versions Oracle MySQL Server versions 8.0.39 and prior Oracle MySQL Server versions 8.4.1 and prior Oracle MySQL Server versions 9.0.1 and prior

Description The issue is related to the Server: Thread Pooling component of Oracle MySQL Server and is associated with authorization procedure flaws. It allows a low-privileged attacker with network access via multiple protocols to compromise the MySQL Server, resulting in the ability to cause a hang or frequently repeatable crash (complete DOS) of the server. The exploitation of this issue is difficult and can be done remotely using the MySQL protocol.

Recommendations For Oracle MySQL Server versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For Oracle MySQL Server versions 8.4.1 and prior, update to a version later than 8.4.1 to resolve the issue. For Oracle MySQL Server versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Server: Thread Pooling component until a patch is available.