CVE-2024-21159: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) affects versions 8.0.36 and prior, and 8.3.0 and prior. This easily exploitable vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and unchanged scope (S:U). The vulnerability impacts only availability (A:H) with no effects on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability with no compromise of data confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in their July 2024 Critical Patch Update. Users are strongly recommended to apply these security patches as soon as possible to affected MySQL Server installations (Oracle CPU).