CVE-2020-2760: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) affecting versions 5.7.29 and prior, and 8.0.19 and prior. This vulnerability was disclosed in April 2020 as part of Oracle's Critical Patch Update (Oracle CPU). The vulnerability exists in the InnoDB component and can be exploited through multiple protocols (CVE Details).

The vulnerability has a CVSS Base Score of 5.5 (Medium severity) with Integrity and Availability impacts. The CVSS Vector is (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H), indicating that it requires network access and high privileges to exploit, but no user interaction (CVE Details).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (CVE Details).

Oracle has released patches to address this vulnerability in MySQL versions 5.7.30 and 8.0.20. Various Linux distributions have also released updated packages including Ubuntu (5.7.30 for 16.04/18.04 LTS and 8.0.20 for 19.10/20.04 LTS), Fedora (8.0.20), and MariaDB (10.2.32) (Ubuntu Notice, Fedora Update).