CVE-2024-21219: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML) affects versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This easily exploitable vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server. The vulnerability was disclosed in October 2024 (Oracle CPU Oct 2024).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack requires network access and high privileges but is considered low complexity and requires no user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is primarily focused on system availability, with no direct effect on data confidentiality or integrity (Oracle CPU Oct 2024).

Oracle has released patches to address this vulnerability in the October 2024 Critical Patch Update. Users are advised to update to MySQL version 8.0.40 or later to mitigate this vulnerability. The fix is available for various platforms including Ubuntu and Red Hat Enterprise Linux systems (Ubuntu Security).