CVE-2024-20977 in MySQL Server
Summary
by MITRE • 01/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2024-20977 resides within the MySQL Server optimizer component of Oracle MySQL database systems, representing a significant availability risk that affects multiple version ranges including 8.0.35 and earlier releases as well as 8.2.0 and prior versions. This flaw manifests as a denial of service condition that can be triggered by low privileged attackers who possess network access through various protocols, making it particularly dangerous in environments where database servers are exposed to untrusted networks. The vulnerability's classification as easily exploitable indicates that the attack vector requires minimal skill or resources to execute successfully, potentially allowing unauthorized individuals to disrupt database operations without requiring elevated privileges or complex attack chains.
The technical nature of this vulnerability stems from issues within the server optimizer module responsible for query execution planning and optimization processes. When exploited, the flaw causes the MySQL Server to either hang indefinitely or experience repeated crashes that can lead to complete service disruption. The specific mechanism through which this occurs involves malformed or specially crafted queries that trigger memory corruption or resource exhaustion conditions within the optimizer subsystem. This type of vulnerability typically represents a weakness in input validation or memory management where the server fails to properly handle edge cases or malformed data during query processing operations. The CVSS 3.1 scoring of 6.5 reflects the moderate severity of the availability impact, with the high availability impact score (A:H) indicating that successful exploitation can result in complete service disruption that affects database availability for legitimate users.
From an operational standpoint, the implications of this vulnerability extend beyond simple service interruption to potentially compromise business continuity and data availability. Organizations running affected MySQL versions face the risk of unauthorized denial of service attacks that could impact critical database operations, especially in environments where database availability is paramount for business operations. The vulnerability's low privilege requirement means that attackers need minimal access rights to cause significant disruption, potentially allowing malicious actors to exploit this weakness even when they only have basic database connection privileges. Network-based exploitation capabilities further amplify the risk as attackers can potentially launch attacks from remote locations without requiring physical access to the database infrastructure, making this vulnerability particularly concerning for organizations with publicly accessible database servers or those exposed to untrusted network segments.
The vulnerability's impact aligns with CWE-121, which describes heap-based buffer overflow conditions, and represents a classic example of how optimizer components can become attack surfaces when proper input validation and resource management practices are not implemented. Security practitioners should consider this vulnerability in the context of the ATT&CK framework, particularly under the 'Denial of Service' tactics where adversaries seek to disrupt services and make systems unavailable to legitimate users. Organizations should implement immediate mitigations including applying the latest security patches from Oracle, implementing network segmentation to limit access to database servers, and monitoring for suspicious query patterns that might indicate exploitation attempts. Additional defensive measures include configuring appropriate access controls, limiting database user privileges, and implementing database activity monitoring to detect anomalous behavior that could indicate exploitation attempts. The vulnerability serves as a reminder of the critical importance of maintaining up-to-date database software and implementing comprehensive security practices to protect against both known and emerging threats in database environments.