PT-2024-8134 · Oracle+6 · Mysql Server+5

Published

2024-10-15

Updated

2025-03-17

CVE-2024-21203

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior

Description: The issue exists due to improper input validation in components. Exploitation of this issue may allow a remote attacker to cause a denial of service. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of MySQL Server.

Recommendations: For versions 8.0.39 and prior, update to a version later than 8.0.39 to resolve the issue. For versions 8.4.2 and prior, update to a version later than 8.4.2 to resolve the issue. For versions 9.0.1 and prior, update to a version later than 9.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Server: FTS component until a patch is available.

Fix

DoS

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

ALSA-2025:1671

ALSA-2025:1673

ALT-PU-2024-14481

ALT-PU-2024-14548

ALT-PU-2024-14706

ALT-PU-2024-14708

AZL-50405

AZL-50442

BDU:2024-09675

CESA-2025_1673

CVE-2024-21203

INFSA-2025_1671

INFSA-2025_1673

OESA-2024-2287

RHSA-2025:1671

RHSA-2025:1673

RHSA-2025_1671

RHSA-2025_1673

RLSA-2025:1671

RLSA-2025:1673

Affected Products

Alt Linux

Almalinux

Centos

Mysql Server

Red Hat

Rocky Linux

PT-2024-8134 · Oracle+6 · Mysql Server+5

CVE-2024-21203

Weakness Enumeration

Related Identifiers

Affected Products

References · 198