CVE-2024-21087

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior

Description The issue is related to the MySQL Server product of Oracle MySQL, specifically the Server: Group Replication Plugin component. It allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability is easily exploitable and related to incorrect cleanup or release of resources.

Recommendations For MySQL Server versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue. For MySQL Server versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the Server: Group Replication Plugin component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.