CVE-2024-21218: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) affects versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This easily exploitable vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs high privileges (PR:H), requires no user interaction (UI:N), has unchanged scope (S:U), and only impacts availability (A:H) with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability with no direct effect on data confidentiality or integrity (Oracle Advisory).

Oracle has released patches to address this vulnerability in the October 2024 Critical Patch Update. Users should upgrade to the latest version of MySQL Server that includes these security fixes. The fix is available for versions 8.0.39, 8.4.2, and 9.0.1 and their prior versions (Oracle Advisory).