CVE-2024-20968: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in MySQL Server (CVE-2024-20968) affecting versions 8.0.34 and prior, and 8.1.0. This vulnerability exists in the Server: Options component of Oracle MySQL. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.4 (Medium severity) (Oracle CPU, NVD).

The vulnerability is characterized as difficult to exploit and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, high attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability, with no direct effect on confidentiality or integrity (NVD).

Oracle has released patches for this vulnerability in their January 2024 Critical Patch Update. Users are advised to update to the latest version of MySQL Server. The vulnerability affects versions 8.0.34 and prior, and 8.1.0, so upgrading beyond these versions is recommended (Oracle CPU).