CVE-2024-20998: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Server's Optimizer component, affecting versions 8.0.36 and prior, and 8.3.0 and prior. This security flaw (CVE-2024-20998) is characterized as easily exploitable and allows high-privileged attackers with network access to compromise MySQL Server through multiple protocols (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating network-based attack vector, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server (Oracle CPU).

Oracle has released patches to address this vulnerability in MySQL version 8.0.37. Users are strongly advised to update their MySQL Server installations to this version. The fix has been incorporated into various distribution updates, including Ubuntu 20.04 LTS, 22.04 LTS, 23.10, and 24.04 LTS (Ubuntu USN).