PT-2023-9630 · Mysql Server · Mysql Connectors

Published

2023-12-07

Updated

2024-10-17

CVE-2024-21170

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 8.4.0 and prior

Description The issue is related to insufficient input validation in the Connector/Python component of the MySQL Connectors product. This can allow a remote attacker with low privileges and network access via multiple protocols to compromise MySQL Connectors, resulting in unauthorized access to data, including read, update, insert, and delete operations, as well as the ability to cause a partial denial of service.

Recommendations For versions 8.4.0 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-404

Related Identifiers

BDU:2024-08910

CVE-2024-21170

Affected Products

Mysql Connectors

PT-2023-9630 · Mysql Server · Mysql Connectors

CVE-2024-21170

Weakness Enumeration

Related Identifiers

Affected Products

References · 10