CVE-2024-21130: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. This vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity). The attack vector is Network (AV:N), with Low attack complexity (AC:L), requiring High privileges (PR:H), and No user interaction (UI:N). The scope is Unchanged (S:U), with No impact on confidentiality (C:N) or integrity (I:N), but High impact on availability (A:H). The complete CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability, with no effects on confidentiality or integrity of the system (Oracle Advisory).

Oracle has released patches to address this vulnerability in MySQL version 8.0.39. Users are advised to update their MySQL installations to this version. Ubuntu has also released security updates: version 8.0.39-0ubuntu0.24.04.1 for Ubuntu 24.04 LTS, 8.0.39-0ubuntu0.22.04.1 for Ubuntu 22.04 LTS, and 8.0.39-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS (Ubuntu Notice).