Unauthenticated Attack via Network Access Can Cause Hang or Crash of MySQL Connectors
CVE-2024-21090

7.5 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability in the Connector/Python component of Oracle MySQL Connectors affects versions 8.3.0 and earlier. An unauthenticated remote attacker with network access can exploit it to cause a denial of service (DoS), in which the connector hangs or crashes repeatedly. The attack can be conducted over various network protocols and is easily exploitable, so it can disrupt service availability for users and applications that rely on MySQL Connectors.

Affected Version(s)

MySQL Connectors * <= 8.3.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published