CVE-2024-20970 in MySQL Serverinfo

Summary

by MITRE • 02/17/2024

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/08/2025

The vulnerability identified as CVE-2024-20970 resides within the MySQL Server optimizer component of Oracle MySQL database systems. This flaw affects specific version ranges including all 8.0.x releases up to and including 8.0.35, as well as 8.2.0 and earlier versions of the 8.2.x series. The vulnerability is classified as easily exploitable, requiring only a high privileged attacker with network access through multiple protocols to leverage this weakness. The security implications are particularly concerning as the flaw resides in the server optimizer, a core component responsible for query execution planning and optimization within the database engine. This positioning makes the vulnerability particularly dangerous as it can be triggered during normal database operations when queries are being processed and optimized.

The technical nature of this vulnerability manifests as a condition that can lead to complete denial of service scenarios against MySQL Server instances. When exploited successfully, the vulnerability allows attackers to cause the database server to hang or experience frequently repeatable crashes, effectively rendering the database unavailable to legitimate users and applications. This type of vulnerability directly impacts the availability aspect of the CIA triad, as demonstrated by the CVSS 3.1 base score of 4.9 and the availability impact vector component. The vulnerability's exploitability requires only low attack complexity and high privileges, suggesting that it may be accessible through legitimate administrative accounts or those with elevated database permissions, making it particularly concerning for environments where administrative access is more broadly distributed.

From an operational impact perspective, the vulnerability can severely disrupt database services and business operations that depend on MySQL Server availability. The complete denial of service condition can result in extended downtime for applications that rely on database functionality, potentially causing cascading failures throughout dependent systems. Organizations running affected MySQL versions may experience service interruptions, data access failures, and potential revenue losses depending on their operational dependencies. The vulnerability's impact is amplified by the fact that it can be triggered through multiple protocols, increasing the attack surface and making it more difficult to defend against through network segmentation or protocol filtering measures.

Mitigation strategies for CVE-2024-20970 should prioritize immediate patching of affected MySQL Server installations to the latest available versions that contain the fix. Organizations should conduct thorough testing of patches in staging environments before deployment to ensure compatibility with existing database configurations and applications. Network segmentation and access controls should be reviewed to limit unnecessary network access to MySQL Server instances, particularly reducing the attack surface for privileged accounts. Monitoring and logging should be enhanced to detect unusual patterns of database server behavior that might indicate exploitation attempts. The vulnerability aligns with CWE-119 which addresses weakness in memory management and data handling, and may be related to ATT&CK technique T1499.004 which covers unauthorized use of resources for denial of service. Organizations should also consider implementing database activity monitoring solutions to detect anomalous query patterns that might precede exploitation of this vulnerability type.

Reservation

12/07/2023

Disclosure

02/17/2024

Moderation

accepted

CPE

ready

EPSS

0.01096

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!