CVE-2024-20965 in MySQL Cluster
Summary
by MITRE • 01/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/20/2025
The vulnerability identified as CVE-2024-20965 represents a significant availability risk within Oracle MySQL Server's optimizer component, specifically affecting versions 8.0.35 and earlier, as well as 8.2.0 and prior releases. This flaw resides in the server's query optimization logic which processes complex SQL statements and execution plans. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this weakness to disrupt MySQL server operations. The CVSS score of 4.9 reflects the moderate severity of the availability impact, though the potential for complete denial of service makes this threat particularly concerning for production environments. The vulnerability's accessibility via multiple protocols suggests it could be exploited through various attack vectors including network-based connections to the database server.
The technical nature of this vulnerability stems from improper handling within the MySQL Server's optimizer module when processing certain query execution paths. This flaw allows a maliciously crafted query or sequence of operations to trigger a condition that causes the server to enter a state of permanent hang or frequent crashes, effectively rendering the database service unavailable to legitimate users. The optimizer component is responsible for determining the most efficient execution plan for SQL queries, and this particular vulnerability appears to occur when the server attempts to optimize complex queries that involve specific join operations, subqueries, or other advanced SQL constructs. The flaw likely involves inadequate bounds checking or memory management during the optimization phase, causing the server to consume excessive resources or enter an invalid state that cannot be recovered from without manual intervention.
The operational impact of this vulnerability extends beyond simple service disruption, as it can lead to complete database unavailability and potential data access interruptions for applications relying on MySQL services. Organizations utilizing affected MySQL versions face the risk of extended downtime during which critical business applications may become inaccessible, potentially resulting in significant financial losses and service degradation. The high privilege requirement suggests that this vulnerability is most likely exploited by insiders or attackers who have already gained administrative access to the database environment, though the ease of exploitation means that even limited access could potentially be escalated. The frequent repeatable crashes indicate that the vulnerability is not a one-time occurrence but rather a persistent flaw that can be reliably triggered multiple times, making it particularly dangerous for systems that process high volumes of database queries.
Mitigation strategies for CVE-2024-20965 should prioritize immediate patching of affected MySQL Server versions to the latest releases that contain the necessary security fixes. Organizations should implement network segmentation and access controls to limit exposure of MySQL servers to untrusted networks while maintaining strict privilege controls to prevent unauthorized access. Monitoring systems should be enhanced to detect unusual patterns in database server behavior that might indicate exploitation attempts, including monitoring for repeated query execution failures or abnormal resource consumption. The vulnerability aligns with CWE-129, which addresses improper handling of input boundaries in database systems, and could be mapped to ATT&CK technique T1499.004 related to network denial of service attacks. Additionally, implementing database firewalls and query filtering mechanisms can help prevent malicious query patterns from reaching the optimizer component, while regular security assessments should verify that the patched versions have been properly deployed across all affected systems.