Denial of Service Vulnerability in MySQL Server by Oracle
CVE-2024-21125

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Ndb Cluster; Mysql Server
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-21125?

A vulnerability has been identified in Oracle's MySQL Server, specifically within the Full-Text Search component. This flaw affects versions 8.0.37 and prior, as well as 8.4.0 and prior, and can be exploited by attackers with high privileges and network access through multiple protocols. The exploitation of this vulnerability can lead to unauthorized actions that result in a denial of service, causing the MySQL Server to hang or crash reliably.

Affected Version(s)

MySQL NDB Cluster * <= 7.5.34

MySQL NDB Cluster * <= 7.6.30

MySQL NDB Cluster * <= 8.0.37

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024