Denial of Service Vulnerability in Oracle MySQL Server
CVE-2024-20965

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Ndb Cluster; Mysql Server
Vendor: CVE Published:; 16 January 2024

What is CVE-2024-20965?

An easily exploitable vulnerability exists within Oracle's MySQL Server, specifically in the Optimizer component. This vulnerability affects supported versions 8.0.35 and earlier, as well as 8.2.0 and earlier. A high-privileged attacker with network access can manipulate this vulnerability across various protocols. When exploited, it can lead to unauthorized actions that result in a denial of service, causing the MySQL Server to hang or crash repeatedly, disrupting database availability.

Affected Version(s)

MySQL NDB Cluster * <= 7.5.32

MySQL NDB Cluster * <= 7.6.28

MySQL NDB Cluster * <= 8.0.35

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

https://security.netapp.com/advisory/ntap-20240201-0003/

https://security.netapp.com/advisory/ntap-20240201-0006/

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023