CVE-2024-20984: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in the MySQL Server product of Oracle MySQL, specifically in the Server : Security : Firewall component. The affected versions include MySQL Server 8.0.35 and prior, as well as 8.2.0 and prior. This vulnerability (CVE-2024-20984) is characterized as difficult to exploit and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.4 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that while the vulnerability is network-accessible (AV:N), it requires high attack complexity (AC:H) and high privileges (PR:H) to exploit. No user interaction (UI:N) is required, the scope is unchanged (S:U), and the impact is limited to availability (A:H) with no effect on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is specifically limited to the availability of the system, with no compromise to data confidentiality or integrity (Oracle Advisory).

Oracle has released patches for this vulnerability as part of its Critical Patch Update (CPU) for January 2024. Users are strongly advised to update to the latest version of MySQL Server. The vulnerability affects versions 8.0.35 and prior, and 8.2.0 and prior, with fixes available in subsequent releases (Oracle Advisory).