CVE-2024-21049 in MySQL Server
Summary
by MITRE • 04/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 09/06/2025
The vulnerability identified as CVE-2024-21049 represents a significant availability threat within Oracle MySQL Server versions 8.0.34 and earlier, specifically affecting the Server: DML component. This flaw manifests as a denial of service condition that can be exploited by high-privileged attackers who possess network access through multiple protocols. The vulnerability's classification as easily exploitable indicates that attackers with sufficient privileges and network connectivity can readily trigger the malicious conditions that lead to system instability. The CVSS base score of 4.9 reflects the moderate severity of the availability impact, though the potential for complete system disruption makes this a serious concern for database administrators and security professionals.
The technical nature of this vulnerability involves a flaw within the Data Manipulation Language processing capabilities of the MySQL server, which forms the core of database operations including select, insert, update, and delete commands. When exploited, the vulnerability causes the MySQL server to either hang indefinitely or experience frequently repeatable crashes that can be triggered repeatedly by an attacker. This behavior fundamentally undermines the server's ability to maintain consistent service availability, creating conditions where legitimate database operations become impossible. The vulnerability specifically targets the server's handling of certain DML operations, suggesting that the flaw exists within the query processing or execution engine rather than in network protocols or authentication mechanisms.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise the entire database infrastructure's reliability. Organizations relying on MySQL Server for critical business operations face significant risks when this vulnerability exists in their environment, as the repeated crashes or hangs can lead to extended downtime periods that affect business continuity. The high privilege requirement for exploitation suggests that this vulnerability is more likely to be targeted by insiders or attackers who have already gained elevated access to the system, making it particularly dangerous in environments where access controls are not properly enforced. The network access requirement indicates that the vulnerability can be exploited from external networks, potentially allowing remote attackers to disrupt services without requiring physical access to the database infrastructure.
Mitigation strategies for CVE-2024-21049 should prioritize immediate patching of affected MySQL Server installations to version 8.0.35 or later, where the vulnerability has been addressed by Oracle. Network segmentation and access control measures should be implemented to limit the number of high-privileged accounts that can access the database server directly. Monitoring systems should be configured to detect unusual patterns of server hangs or crashes that might indicate exploitation attempts. The vulnerability aligns with CWE-400 which covers "Uncontrolled Resource Consumption" and potentially relates to ATT&CK technique T1499.004 for "OS Command Injection" and T1499.001 for "Direct Network Injection" when considering the availability impact and network access requirements. Organizations should also consider implementing database activity monitoring solutions that can detect anomalous DML operations that might trigger the vulnerability, while maintaining regular security assessments to identify other potential attack vectors that could be combined with this vulnerability to achieve more severe impacts.