PT-2024-3945 · Oracle+12 · MySQL Server+11

Published 2024-04-16 · Updated 2025-08-20 · CVE-2024-21096

CVSS v2.0: 6.1 Medium

Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MySQL Server versions 8.0.36 and prior
MySQL Server versions 8.3.0 and prior

Description

A difficult to exploit vulnerability in the MySQL Server product allows an unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks can result in unauthorized update, insert or delete access to some of MySQL Server accessible data, as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service of MySQL Server.

Recommendations

For MySQL Server versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue. For MySQL Server versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the mysqldump component until a patch is available.

Fix

Improper Authorization

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2025:0737
ALSA-2025:0739
ALSA-2025:0912
ALSA-2025:0914
ALT-PU-2024-11520
ALT-PU-2024-12462
ALT-PU-2024-13043
ALT-PU-2024-13047
ALT-PU-2024-13262
ALT-PU-2024-7970
ALT-PU-2024-7972
ALT-PU-2024-7976
ALT-PU-2024-7978
ALT-PU-2024-8088
ALT-PU-2024-8426
AZL-49936
AZL-49948
AZL-49962
AZL-49971
BDU:2024-04355
BDU:2024-04356
BIT-MARIADB-2024-21096
BIT-MARIADB-MIN-2024-21096
BIT-MYSQL-CLIENT-2024-21096
CESA-2025_0737
CESA-2025_0739
CVE-2024-21096
DLA-3891-1
INFSA-2025_0737
INFSA-2025_0739
INFSA-2025_0912
INFSA-2025_0914
MGASA-2024-0195
OESA-2024-1558
OESA-2024-1559
OESA-2024-1560
OESA-2024-1561
OESA-2024-1744
OESA-2024-2071
OESA-2025-1395
OESA-2025-1542
OPENSUSE-SU-2024_1985-1
OPENSUSE-SU-2024_2032-1
OPENSUSE-SU-2024_3018-1
RHSA-2025:0737
RHSA-2025:0739
RHSA-2025:0912
RHSA-2025:0914
RHSA-2025_0737
RHSA-2025_0739
RHSA-2025_0912
RHSA-2025_0914
RHSA-2026:0335
RLSA-2025:0737
RLSA-2025:0739
RLSA-2025:0912
RLSA-2025:0914
SUSE-SU-2024:1985-1
SUSE-SU-2024:2032-1
SUSE-SU-2024:3018-1
SUSE-SU-2024_2032-1
SUSE-SU-2024_3018-1
USN-6823-1
USN-6839-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
MariaDB Server
MySQL Server
Red Hat
Rocky Linux
SUSE
Ubuntu