CVE-2024-20994

Name of the Vulnerable Software and Affected Versions Oracle MySQL Server versions 8.0.36 and prior Oracle MySQL Server versions 8.3.0 and prior

Description The issue is related to a vulnerability in the MySQL Server product, specifically in the Server: Information Schema component. This vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, allowing them to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server.

Recommendations For Oracle MySQL Server versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue. For Oracle MySQL Server versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.