CVE-2020-14776: 
MySQL vulnerability analysis and mitigation

CVE-2020-14776 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the InnoDB component. The vulnerability affects MySQL versions 5.7.31 and prior, and 8.0.21 and prior. This vulnerability was disclosed as part of Oracle's October 2020 Critical Patch Update (Oracle CPU).

The vulnerability is characterized by a CVSS v3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), has unchanged scope (S:U), and impacts only availability (A:H) with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability only affects availability with no impact on confidentiality or integrity of the system (Oracle CPU).

Oracle has released patches to address this vulnerability in their October 2020 Critical Patch Update. Users should upgrade to MySQL versions after 5.7.31 for the 5.7 series or after 8.0.21 for the 8.0 series. MariaDB users should upgrade to versions after 10.2.35, 10.3.26, 10.4.16, or 10.5.7 (Gentoo Security).