CVE-2024-20960 in MySQL Server
Summary
by MITRE • 02/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2024-20960 represents a significant availability risk within Oracle MySQL Server implementations, specifically affecting the Server: RAPID component. This weakness manifests in versions 8.0.35 and earlier, as well as 8.2.0 and prior releases, creating a persistent threat vector that can be exploited by adversaries with minimal privileges. The vulnerability's classification as easily exploitable indicates that attackers require only basic network access and low privilege credentials to execute successful attacks, making it particularly dangerous in production environments where database availability is critical. The CVSS score of 6.5 reflects the high impact on system availability, with the attack vector being network-based and the access complexity being low, suggesting that this vulnerability can be leveraged by a broad range of threat actors without requiring specialized tools or extensive technical expertise.
The technical flaw underlying CVE-2024-20960 stems from insufficient input validation or memory management within the MySQL Server's RAPID component, which processes specific database operations that trigger a denial of service condition. When exploited, this vulnerability enables attackers to cause the MySQL Server to either hang indefinitely or experience repeated crashes, effectively rendering the database service unavailable to legitimate users and applications. The nature of the flaw suggests potential issues in how the server handles certain protocol communications or data processing sequences that lead to resource exhaustion or memory corruption. This behavior aligns with CWE-400 vulnerability classification, which encompasses issues related to resource exhaustion or uncontrolled resource consumption that can lead to denial of service conditions. The vulnerability's impact extends beyond simple service interruption as it can cause complete system unavailability, disrupting business operations and potentially affecting downstream applications that depend on database connectivity.
The operational impact of this vulnerability creates substantial risk for organizations relying on MySQL Server infrastructure, particularly in environments where database availability directly affects business continuity and user experience. Successful exploitation can result in complete denial of service conditions that may require manual intervention to restore database services, potentially causing extended downtime and data access interruptions. The vulnerability's ability to cause frequently repeatable crashes means that attackers can maintain persistent disruption of service rather than achieving a single successful attack, making it particularly challenging to defend against and recover from. Organizations utilizing affected MySQL versions face increased risk of operational disruptions, potential financial losses due to service unavailability, and possible regulatory compliance issues if service level agreements are violated due to the availability impact. The low privilege requirement and network-based access vector make this vulnerability particularly concerning for environments where database servers are accessible from multiple network segments or exposed to untrusted networks.
Mitigation strategies for CVE-2024-20960 should prioritize immediate patching of affected MySQL Server installations to versions that contain the necessary security fixes and code modifications to address the underlying RAPID component vulnerability. Organizations should implement network segmentation and access controls to limit exposure of MySQL servers to untrusted networks, reducing the attack surface available to potential adversaries. Monitoring and logging configurations should be enhanced to detect unusual patterns of database connection attempts or service disruptions that may indicate exploitation attempts. Network-based intrusion detection systems should be configured to alert on suspicious database protocol communications that align with the vulnerability's exploitation patterns. Additionally, implementing application-level firewalls and database access controls can provide additional layers of defense against unauthorized access attempts. Regular vulnerability assessments and penetration testing should be conducted to identify and remediate similar weaknesses in the database infrastructure, while maintaining updated threat intelligence feeds to stay informed about emerging exploitation techniques targeting MySQL Server components. The remediation process should include thorough testing of patched environments to ensure that security updates do not introduce compatibility issues with existing database applications or services.