CVE-2024-20962 in MySQL Server
Summary
by MITRE • 02/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2024-20962 resides within the MySQL Server optimizer component of Oracle MySQL database systems, representing a significant availability risk that affects multiple versions including 8.0.35 and earlier releases as well as 8.2.0 and prior iterations. This flaw manifests as an easily exploitable weakness that can be leveraged by low-privileged attackers who possess network access through various protocols, making it particularly concerning for database environments where network exposure is common. The vulnerability operates within the server-side optimization mechanisms that process query execution plans, creating a potential pathway for malicious actors to disrupt database operations through carefully crafted inputs that trigger specific code paths within the optimizer module.
The technical nature of this vulnerability stems from improper handling of certain query optimization scenarios that can lead to resource exhaustion or memory corruption within the MySQL server process. When exploited, the vulnerability enables attackers to induce a complete denial of service condition by causing the MySQL server to hang indefinitely or experience frequent crashes that require manual intervention to restore service. The attack vector requires minimal privileges and can be executed over standard network protocols, making it accessible to attackers who may not possess elevated database credentials. The CVSS 3.1 scoring of 6.5 reflects the high availability impact with a low attack complexity and the requirement for only low privileges to execute successful exploitation, aligning with the characteristics of a server-side vulnerability that can be remotely triggered.
This vulnerability directly impacts the operational integrity of MySQL database deployments by creating conditions that can render database services unavailable to legitimate users and applications. The consequences extend beyond simple service interruption to include potential data access delays, application performance degradation, and business continuity concerns for organizations relying on MySQL for critical database operations. The repeated crash scenario indicates that even a single successful exploit can cause sustained disruption rather than a one-time incident, potentially leading to extended downtime periods that can affect multiple concurrent database users and applications. Organizations utilizing affected MySQL versions face significant operational risks as the vulnerability can be exploited without requiring extensive technical expertise or elevated privileges.
Security practitioners should immediately implement mitigation strategies including applying the latest Oracle security patches that address this specific optimizer vulnerability. Network segmentation and access controls should be reinforced to limit exposure of MySQL servers to untrusted networks, while monitoring systems should be enhanced to detect anomalous query patterns that may indicate exploitation attempts. The vulnerability's classification under CWE 476 (NULL Pointer Dereference) and its alignment with ATT&CK technique T1499.004 (Endpoint Denial of Service) highlights the need for comprehensive security controls beyond traditional patch management. Organizations should also consider implementing database activity monitoring solutions that can detect suspicious optimization patterns and establish incident response procedures specifically tailored to handle MySQL server denial of service conditions. Regular vulnerability assessments and penetration testing should be conducted to identify additional exposure points that could be leveraged in conjunction with this vulnerability to maximize overall security posture effectiveness.