CVE-2024-20973 in MySQL Server
Summary
by MITRE • 01/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2024-20973 represents a significant availability threat within Oracle MySQL Server implementations, specifically affecting the Server: Optimizer component. This flaw exists in versions 8.0.35 and earlier, as well as 8.2.0 and prior releases, making it a widespread concern across multiple MySQL server deployments. The vulnerability's classification as easily exploitable indicates that attackers with minimal privileges and network access can leverage this weakness to compromise system availability. The CVSS base score of 6.5 reflects the severity of the impact, with the availability impact component rated at high, suggesting that successful exploitation can lead to complete denial of service conditions that may require system restarts to resolve.
The technical nature of this vulnerability stems from issues within the MySQL Server's query optimization engine, where improper handling of specific query patterns or data structures can trigger system instability. This flaw operates at the optimizer level, which is responsible for determining the most efficient execution plan for database queries. When maliciously crafted queries are processed through this component, they can cause the server to enter a state where it becomes unresponsive or repeatedly crashes. The vulnerability's exploitation requires only low privileged access and network connectivity, making it particularly dangerous as it can be leveraged by attackers who have minimal database permissions but can establish network connections to the target system.
The operational impact of CVE-2024-20973 extends beyond simple service disruption, as the complete denial of service condition can severely impact database availability and business operations. Organizations relying on MySQL Server for critical applications may experience extended downtime, data access interruptions, and potential revenue losses during attack windows. The vulnerability's ability to cause frequently repeatable crashes means that even a single successful exploitation attempt can render the database service unavailable until manual intervention occurs. This characteristic makes the vulnerability particularly attractive to attackers seeking to disrupt services, as it provides a reliable method for achieving system unavailability with minimal effort. The attack vector through multiple protocols indicates that the vulnerability is accessible through various network communication channels, increasing the attack surface and making comprehensive protection more challenging.
Organizations should prioritize immediate patching of affected MySQL Server installations to mitigate this vulnerability, as the CVSS vector indicates that no user interaction is required for exploitation. The vulnerability aligns with CWE-476 which describes null pointer dereference conditions, though specific implementation details suggest this may involve more complex memory management issues within the optimizer component. From an ATT&CK framework perspective, this vulnerability maps to the T1499.004 technique for "Endpoint Denial of Service" and potentially T1071.004 for "Application Layer Protocol: DNS" if exploitation occurs through DNS-related communications. Mitigation strategies should include implementing network segmentation to limit access to MySQL ports, deploying intrusion detection systems to monitor for suspicious query patterns, and establishing robust monitoring procedures to detect system instability. Additionally, organizations should consider implementing query filtering mechanisms and access controls to limit the ability of low privileged users to execute potentially harmful queries that could trigger this vulnerability.