CVE-2020-2804: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached) affects versions 5.6.47 and prior, 5.7.29 and prior, and 8.0.19 and prior. This vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise MySQL Server (MITRE, NVD).

The vulnerability has been assigned a CVSS Base Score of 5.9 (Medium) with the vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. It is considered difficult to exploit and requires network access. The vulnerability specifically affects the Memcached component of MySQL Server (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (MITRE).

Oracle has released patches to address this vulnerability in MySQL versions after 5.6.47, 5.7.29, and 8.0.19. Users are advised to upgrade to the latest version of MySQL. Ubuntu users can update to mysql-server-8.0 version 8.0.20-0ubuntu0.20.04.1 for Ubuntu 20.04 or mysql-server-5.7 version 5.7.30-0ubuntu0.18.04.1 for Ubuntu 18.04 (Ubuntu Notice).