CVE-2020-2806: 
MySQL vulnerability analysis and mitigation

CVE-2020-2806 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Compiling component. The vulnerability affects MySQL versions 5.7.28 and prior. It was disclosed in December 2019 and received a CVSS 3.0 Base Score of 5.3 (Oracle CPUApr2020).

This is a difficult to exploit vulnerability that allows low privileged attackers with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS Vector of (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating network attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, and high availability impact (Oracle CPUApr2020).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity (Oracle CPUApr2020, NetApp Advisory).

Oracle has addressed this vulnerability in MySQL versions after 5.7.28. Users are advised to upgrade to MySQL version 5.7.29 or later to mitigate this vulnerability. For systems running MySQL 5.7, patches have been released (MySQL 5.7.29-0ubuntu0.18.04.1 for Ubuntu 18.04 LTS and MySQL 5.7.29-0ubuntu0.16.04.1 for Ubuntu 16.04 LTS) (Ubuntu Security).