CVE-2024-21230: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. This vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server (Oracle CPU Oct 2024).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), requires no user interaction (UI:N), has unchanged scope (S:U), and primarily impacts system availability (A:H) with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability specifically affects the Server Optimizer component, which could lead to service disruptions (Oracle CPU Oct 2024).

Oracle has released patches to address this vulnerability in their October 2024 Critical Patch Update. For Ubuntu systems, fixed versions have been released: 8.0.40-0ubuntu0.24.10.1 for 24.10, 8.0.40-0ubuntu0.22.04.1 for 22.04 LTS, and 8.0.40-0ubuntu0.20.04.1 for 20.04 LTS. It is strongly recommended to upgrade to these patched versions (Ubuntu Security).