CVE-2020-2573 in MySQL Client

Summary

by MITRE

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 08/24/2025

The vulnerability identified as CVE-2020-2573 is an availability threat within the MySQL Client component, specifically the C Application Programming Interface. It affects Oracle MySQL client implementations in two release series: 5.7.28 and earlier, and 8.0.18 and earlier. Its classification as difficult to exploit indicates that, while it requires some technical sophistication from an attacker, the attack surface remains reachable over standard network protocols. The CVSS 3.0 base score of 5.9 reflects moderate severity with a high availability impact and no confidentiality or integrity impact, placing this vulnerability in the category of denial-of-service threats that can severely disrupt database operations.

The technical nature of this vulnerability stems from improper handling of certain data structures within the MySQL client's C API implementation. When a vulnerable MySQL client exchanges protocol messages with an unauthenticated attacker who has network access, crafted messages can trigger memory corruption or resource exhaustion conditions. The flaw manifests as the client process becoming unresponsive or crashing repeatedly, creating a persistent denial-of-service scenario that can render database applications inaccessible. This behavior is classified under CWE-121 (stack-based buffer overflow) and is a classic example of how improper input validation can lead to process instability.

From an operational standpoint, the impact of CVE-2020-2573 extends beyond simple service disruption to encompass potential business continuity risks for organizations relying on MySQL client applications. The vulnerability's ability to cause complete denial of service means that database connectivity can be severed entirely, affecting applications that depend on MySQL client libraries for data access. This scenario particularly impacts enterprise environments where database connections are critical for transaction processing, reporting, and application functionality. The attack vector through multiple protocols indicates that the vulnerability is not limited to a single communication channel, making it more challenging to defend against through protocol-specific controls.

Security professionals should note that this vulnerability operates under the ATT&CK framework's T1499.004 technique category, specifically targeting availability through denial of service mechanisms. The lack of authentication requirements makes this particularly dangerous in environments where MySQL clients are exposed to untrusted networks. Organizations should prioritize patch management for affected versions and consider implementing network segmentation to limit exposure. Additionally, monitoring for unusual connection patterns or client process crashes can serve as early indicators of exploitation attempts. The vulnerability's presence in both major release series (5.7 and 8.0) underscores the importance of comprehensive vulnerability assessment across all MySQL client implementations within an organization's infrastructure.

Responsible

Oracle

Reservation

12/10/2019

Moderation

accepted

CPE

ready

EPSS

0.03006

KEV

no

Activities

very low
