CVE-2020-2903: 
MySQL vulnerability analysis and mitigation

CVE-2020-2903 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Connection Handling component. The vulnerability affects MySQL versions 8.0.19 and prior. This security issue was disclosed as part of Oracle's Critical Patch Update in April 2020 (Oracle CPU).

The vulnerability is classified with a CVSS 3.0 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is easily exploitable but requires high privileges and network access via multiple protocols to compromise MySQL Server (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (NetApp Advisory).

The vulnerability was fixed in MySQL version 8.0.20. Users should upgrade to this version or later to address the security issue. For Ubuntu users, updates were provided through USN-4350-1 with MySQL 8.0.20-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS and equivalent versions for other supported releases (Ubuntu Notice).