CVE-2024-21015

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.34 and prior MySQL Server versions 8.3.0 and prior

Description: The vulnerability in the MySQL Server product of Oracle MySQL is related to insufficient input validation in the Server: DML component. This issue can be exploited by a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of the MySQL Server, as well as unauthorized update, insert, or delete access to some of the MySQL Server's accessible data.

Recommendations: For MySQL Server versions 8.0.34 and prior, update to a version that includes the fix for this vulnerability. For MySQL Server versions 8.3.0 and prior, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Avoid using the Server: DML component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.