CVE-2020-2895: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) identified as CVE-2020-2895. The vulnerability affects MySQL versions 8.0.19 and prior. This is an easily exploitable vulnerability that allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (MITRE, Ubuntu).

The vulnerability has been assigned a CVSS 3.0 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), with unchanged scope (S:U), and no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (MITRE, NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability specifically affects the InnoDB component and can lead to service disruption (MITRE).

Oracle has released patches to address this vulnerability in MySQL version 8.0.20. Ubuntu has also released fixes for affected versions: mysql-server-8.0 version 8.0.20-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS and mysql-server-8.0 version 8.0.20-0ubuntu0.19.10.1 for Ubuntu 19.10 (Ubuntu Security Notice).