CVE-2020-2780: 
MySQL vulnerability analysis and mitigation

CVE-2020-2780 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: DML component. The vulnerability affects MySQL versions 5.6.47 and prior, 5.7.29 and prior, and 8.0.19 and prior. It was disclosed as part of Oracle's Critical Patch Update in April 2020 (Oracle CPU).

The vulnerability has been assigned a CVSS 3.0 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is easily exploitable by a low-privileged attacker with network access via multiple protocols (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The vulnerability affects availability but does not impact confidentiality or integrity (Oracle CPU, NetApp Advisory).

Oracle has released patches to address this vulnerability in MySQL versions 5.6.48, 5.7.30, and 8.0.20. Ubuntu has released updates to address this in various versions: MySQL 8.0.20 for Ubuntu 20.04 LTS and 19.10, and MySQL 5.7.30 for Ubuntu 18.04 LTS and 16.04 LTS (Ubuntu Notice).