CVE-2024-20972 in MySQL Serverinfo

Summary

by MITRE • 02/17/2024

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/08/2025

The vulnerability identified as CVE-2024-20972 resides within the MySQL Server optimizer component of Oracle MySQL database systems, affecting versions 8.0.35 and earlier, as well as 8.2.0 and earlier releases. This represents a critical availability threat that operates through the server's query optimization engine, where a flaw in how the system processes certain database operations can be exploited by attackers with high privileges and network access. The vulnerability's classification as easily exploitable indicates that the attack vector requires minimal sophistication and can be leveraged by adversaries who have already gained elevated access to the network infrastructure. The CVSS base score of 4.9 reflects the moderate to high impact on system availability, specifically targeting the database server's ability to maintain continuous operation.

The technical nature of this vulnerability manifests within the MySQL Server's optimizer module, which is responsible for determining the most efficient execution plan for database queries. When processing specific query patterns or data structures, the optimizer contains a flaw that can cause the server to enter a state of indefinite hanging or repeatedly crash during query execution. This behavior constitutes a denial of service condition where legitimate database operations cannot proceed due to the server's instability. The vulnerability operates through multiple network protocols, including TCP/IP connections, making it accessible across various attack surfaces that typically handle database communication. The flaw's impact is particularly severe because it can be triggered by maliciously crafted queries or data processing sequences that exploit the optimizer's handling of certain edge cases or complex query structures.

The operational consequences of successful exploitation include complete service disruption of MySQL Server instances, which can severely impact database-dependent applications and services. Organizations relying on MySQL for critical business operations may experience significant downtime, data access interruptions, and potential cascading failures in application stacks that depend on database availability. The vulnerability's designation as affecting high privileged attackers suggests that it requires authentication and elevated privileges, but once accessed, the impact is severe enough to allow attackers to cause persistent system instability. This makes the vulnerability particularly dangerous in environments where database administrators or application services already have elevated access levels, as the attack can be executed with minimal additional effort.

Mitigation strategies for CVE-2024-20972 should prioritize immediate patching of affected MySQL Server versions to the latest releases that contain fixes for the optimizer flaw. Organizations should implement network segmentation and access controls to limit exposure of MySQL servers to untrusted networks and reduce the attack surface available to potential adversaries. Monitoring systems should be enhanced to detect unusual patterns of database server crashes or hangs that could indicate exploitation attempts, with particular attention to query execution patterns that might trigger the optimizer vulnerability. The vulnerability aligns with CWE-119 which addresses improper access to critical resources through buffer overflows or memory access violations, and relates to ATT&CK technique T1499.004 which covers network denial of service attacks. Additionally, implementing proper database access controls and privilege management can help reduce the risk of exploitation, as the vulnerability requires high-privileged access to be effectively leveraged. Regular vulnerability assessments and penetration testing should be conducted to identify similar issues in database server configurations and to ensure that security controls remain effective against evolving threats in database environments.

Reservation

12/07/2023

Disclosure

02/17/2024

Moderation

accepted

CPE

ready

EPSS

0.01096

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!