CVE-2024-20967: 
MySQL vulnerability analysis and mitigation

CVE-2024-20967 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Replication component. The vulnerability affects MySQL versions 8.0.35 and prior, as well as 8.2.0 and prior. This security flaw was disclosed as part of Oracle's January 2024 Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H. The vulnerability is characterized as easily exploitable and requires high privileges with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally, it can lead to unauthorized update, insert or delete access to some of MySQL Server accessible data (Oracle CPU).

Oracle has released patches to address this vulnerability in the January 2024 Critical Patch Update. Users are strongly advised to update to MySQL version 8.0.36 which contains fixes for this vulnerability. The update is available for various platforms including Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10 (Ubuntu Notice, Oracle CPU).