CVE-2024-20965: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Server's Optimizer component, tracked as CVE-2024-20965. The vulnerability affects MySQL Server versions 8.0.35 and prior, as well as 8.2.0 and prior. This security flaw was disclosed as part of Oracle's January 2024 Critical Patch Update (Oracle CPU).

The vulnerability is characterized by a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability requires a high-privileged attacker with network access and can be exploited through multiple protocols. The attack complexity is considered low, requiring no user interaction, and the scope is unchanged (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only impacts availability, with no direct effects on confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in MySQL version 8.0.36. Organizations using affected versions should upgrade to the patched version. Multiple vendors have also released fixes, including NetApp in their various products and Red Hat in their Software Collections (NetApp Advisory, Oracle CPU).