CVE-2024-21125: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in MySQL Server (CVE-2024-21125) affecting versions 8.0.37 and prior, and 8.4.0 and prior. This vulnerability is present in the Server: FTS (Full Text Search) component. The issue allows high-privileged attackers with network access to compromise MySQL Server through multiple protocols (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity). The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring High privileges (PR:H), and No user interaction (UI:N). The scope is Unchanged (S:U), with No impact on confidentiality (C:N) or integrity (I:N), but High impact on availability (A:H) (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server (Oracle CPU).

Oracle has released patches to address this vulnerability in MySQL version 8.0.39. Ubuntu has also released fixed versions: 8.0.39-0ubuntu0.24.04.1 for Ubuntu 24.04 LTS, 8.0.39-0ubuntu0.22.04.1 for Ubuntu 22.04 LTS, and 8.0.39-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS (Ubuntu Notice).