PT-2024-7153 · Oracle+5 · Mysql Client+5

Published

2024-10-15

·

Updated

2025-03-17

·

CVE-2024-21247

CVSS v2.0

5.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions MySQL Client versions 8.0.39 and prior MySQL Client versions 8.4.2 and prior MySQL Client versions 9.0.1 and prior
Description The issue is related to insufficient input validation in the MySQL Client product, specifically in the mysqldump component. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Client, resulting in unauthorized update, insert, or delete access to some of the MySQL Client's accessible data, as well as unauthorized read access to a subset of the MySQL Client's accessible data.
Recommendations For MySQL Client versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For MySQL Client versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For MySQL Client versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Client to minimize the risk of exploitation.

Fix

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-14481
ALT-PU-2024-14548
ALT-PU-2024-14706
ALT-PU-2024-14708
AZL-50354
AZL-50412
BDU:2024-08488
CESA-2025_1673
CVE-2024-21247
INFSA-2025_1671
INFSA-2025_1673
OESA-2024-2287
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673

Affected Products

Alt Linux
Almalinux
Centos
Mysql Client
Red Hat
Rocky Linux