CVE-2024-20985 in MySQL Serverinfo

Summary

by MITRE • 01/17/2024

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 06/20/2025

The vulnerability identified as CVE-2024-20985 affects the MySQL Server component known as User-Defined Functions (UDF) within Oracle MySQL products. This issue impacts specifically versions 8.0.35 and earlier, as well as 8.2.0 and prior releases, making it a significant concern for database administrators managing these server versions. The vulnerability resides in the server's handling of user-defined functions which are extensions that allow users to create custom functions within the database system. These UDFs can be loaded dynamically and executed within the MySQL server process, creating a potential attack surface that could be exploited by malicious actors. The flaw is classified as easily exploitable, indicating that attackers with minimal technical skills and network access can leverage this vulnerability effectively.

The technical nature of this vulnerability involves a flaw in how MySQL Server processes and handles user-defined functions, particularly in the context of memory management or function execution. Attackers with low privileges and network access can exploit this weakness through multiple protocols, suggesting that the vulnerability is not limited to a single communication channel but can be accessed through various network interfaces that MySQL supports. This multi-protocol accessibility increases the attack surface and makes the vulnerability more dangerous as it can be reached through different attack vectors. The vulnerability specifically targets the availability aspect of the system, allowing attackers to cause complete denial of service conditions by either hanging the MySQL server or creating frequently repeatable crashes. This type of attack effectively renders the database service unusable for legitimate users while potentially allowing the attacker to maintain persistent access to the compromised system.

The operational impact of CVE-2024-20985 represents a critical availability threat to MySQL server deployments, as the successful exploitation can lead to complete system downtime. The CVSS 3.1 base score of 6.5 indicates a medium to high severity vulnerability that primarily affects system availability rather than confidentiality or integrity. This means that while the attack may not directly result in data theft or unauthorized data modification, it can completely disrupt database operations and business continuity. Organizations relying on MySQL databases for critical applications face significant operational risks, as database unavailability can cascade into broader system failures and service disruptions. The vulnerability's classification under CWE (Common Weakness Enumeration) would likely fall within categories related to improper handling of user-defined functions or memory corruption issues, potentially mapping to CWE-121 for buffer overflow conditions or similar memory management flaws. From an ATT&CK framework perspective, this vulnerability aligns with techniques involving service stoppage and availability disruption, potentially classified under T1499 for network denial of service and T1566 for initial access through network protocols.

Organizations should prioritize immediate mitigation efforts by upgrading to patched versions of MySQL Server, specifically versions beyond 8.0.35 and 8.2.0 to eliminate the risk of exploitation. System administrators should also implement network segmentation and access controls to limit exposure of MySQL servers to untrusted networks, reducing the attack surface available to potential adversaries. Additionally, monitoring for unusual network traffic patterns or repeated connection attempts to MySQL services should be implemented as part of security operations. Database administrators should consider disabling unnecessary user-defined functions or implementing strict access controls over UDF creation and execution to minimize potential exploitation paths. The vulnerability's ease of exploitation makes it particularly dangerous as it requires minimal skill level from attackers, meaning that organizations should not assume that their systems are immune to attack simply because they are not actively targeted. Regular security assessments and vulnerability scanning should be conducted to identify any remaining unpatched systems within the organization's infrastructure. Organizations should also maintain robust incident response procedures that account for potential denial of service attacks targeting database services, ensuring that they can quickly respond to and recover from exploitation attempts.

Reservation

12/07/2023

Disclosure

01/17/2024

Moderation

accepted

CPE

ready

EPSS

0.01104

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!