CVE-2024-20962: 
MySQL vulnerability analysis and mitigation

CVE-2024-20962 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server Optimizer component. The vulnerability affects MySQL versions 8.0.35 and prior, as well as 8.2.0 and prior. It is an easily exploitable vulnerability that allows low privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), requires low privileges (PR:L), needs no user interaction (UI:N), has unchanged scope (S:U), and affects only availability (A:H) with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability, with no reported effects on confidentiality or integrity of the system (Oracle Advisory).

Oracle has released patches to address this vulnerability in the January 2024 Critical Patch Update. Users are strongly recommended to update to MySQL version 8.0.36 which contains fixes for this vulnerability (Oracle Advisory).