CVE-2020-2814: 
MySQL vulnerability analysis and mitigation

CVE-2020-2814 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the InnoDB component. The vulnerability affects MySQL versions 5.6.47 and prior, 5.7.28 and prior, and 8.0.18 and prior. This is an easily exploitable vulnerability that allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (MITRE CVE, NVD).

The vulnerability has a CVSS 3.0 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack requires high privileges and network access, but is considered easily exploitable. The vulnerability specifically affects the InnoDB component of MySQL Server and can be accessed through multiple network protocols (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The impact is primarily on the availability of the system, with no direct impact on confidentiality or integrity (MITRE CVE).

Oracle has released patches to address this vulnerability in MySQL versions 5.6.48, 5.7.29, and 8.0.19. Various Linux distributions have also released security updates including OpenSUSE, Fedora, and Gentoo. Users are strongly advised to upgrade to the patched versions (OpenSUSE Advisory, Gentoo Advisory).