CVE-2024-21197: 
MySQL vulnerability analysis and mitigation

A vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema) affects versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This easily exploitable vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU Oct 2024).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that while the vulnerability is network-accessible (AV:N) and requires low attack complexity (AC:L), it needs high privileges (PR:H) to exploit. No user interaction (UI:N) is required, the scope is unchanged (S:U), and there are no confidentiality (C:N) or integrity (I:N) impacts, but high availability impact (A:H) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability with no direct effects on confidentiality or integrity of the system (Oracle CPU Oct 2024).

Oracle has released patches to address this vulnerability in the October 2024 Critical Patch Update. Users are advised to update to MySQL Server versions after 8.0.39, 8.4.2, or 9.0.1 depending on their installation branch (Oracle CPU Oct 2024).