CVE-2020-2892: 
MySQL vulnerability analysis and mitigation

CVE-2020-2892 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server Optimizer component. The vulnerability affects MySQL versions 8.0.19 and prior. This security flaw was discovered and reported to Oracle, who addressed it in their April 2020 Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS 3.0 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability requires high privileges and network access via multiple protocols to exploit. The technical assessment indicates that while the attack complexity is low, it requires high-level privileges to execute (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The impact is limited to availability, with no direct effects on confidentiality or integrity (Oracle CPU).

Oracle addressed this vulnerability in MySQL version 8.0.20. Users are advised to upgrade to MySQL version 8.0.20 or later to protect against this vulnerability. Ubuntu users can update to mysql-server-8.0 version 8.0.20-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS and version 8.0.20-0ubuntu0.19.10.1 for Ubuntu 19.10 (Ubuntu USN).