CVE-2024-20971: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. in Oracle Corporation MySQL Server
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
AI Analysis
Technical Summary
CVE-2024-20971 is a vulnerability identified in the Oracle MySQL Server, specifically affecting the Server Optimizer component. It impacts MySQL Server versions 8.0.35 and prior as well as 8.2.0 and prior. The vulnerability allows a high-privileged attacker with network access via multiple protocols to exploit the flaw without requiring user interaction. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H). The vulnerability does not affect confidentiality or integrity but impacts availability by enabling an attacker to cause the MySQL Server to hang or crash repeatedly, resulting in a complete denial of service (DoS). The CVSS v3.1 base score is 4.9, categorized as medium severity, primarily due to the availability impact. The underlying weakness is related to resource exhaustion or improper handling of requests leading to a DoS condition, classified under CWE-400 (Uncontrolled Resource Consumption). No known exploits in the wild have been reported as of the publication date (January 16, 2024). The vulnerability affects multiple network protocols used by MySQL Server, increasing the attack surface. Since the attacker must have high privileges, exploitation is limited to insiders or attackers who have already compromised credentials or elevated access. The absence of patches or mitigation links in the provided data suggests that organizations should monitor Oracle advisories for updates. Overall, this vulnerability poses a risk of service disruption in environments relying on the affected MySQL versions, particularly where high-privileged network access is possible.
Potential Impact
For European organizations, the primary impact of CVE-2024-20971 is the potential for denial of service on critical database infrastructure running MySQL Server. This can lead to downtime of business applications, disruption of services, and potential loss of productivity. Organizations in sectors such as finance, healthcare, e-commerce, and public administration that rely heavily on MySQL for data storage and transaction processing could experience operational interruptions. Although the vulnerability does not allow data theft or modification, the availability impact can indirectly affect business continuity and service level agreements. In regulated industries, prolonged outages could also lead to compliance issues. The requirement for high privileges limits the risk to insider threats or attackers who have already breached perimeter defenses, emphasizing the importance of strict access controls and monitoring. The multi-protocol attack vector means that various network interfaces to MySQL could be targeted, increasing the risk in complex network environments. European organizations with remote database management or cloud-hosted MySQL instances should be particularly vigilant. Given the medium severity rating and lack of known exploits, the immediate risk is moderate but warrants proactive mitigation to prevent potential disruption.
Mitigation Recommendations
1. Restrict high-privileged access: Enforce the principle of least privilege by limiting administrative and high-privilege MySQL accounts, especially those accessible over the network. 2. Network segmentation: Isolate MySQL servers from untrusted networks and restrict access to trusted hosts and management stations only. 3. Monitor and audit: Implement continuous monitoring of MySQL server logs and network traffic for unusual activity or repeated connection attempts that could indicate exploitation attempts. 4. Apply access controls: Use firewall rules and MySQL user privileges to limit protocol access and restrict connections to necessary protocols and IP addresses. 5. Patch management: Stay updated with Oracle’s security advisories and apply patches promptly once available. 6. Use connection encryption and authentication mechanisms to reduce the risk of credential compromise that could lead to high-privileged access. 7. Implement resource limits and query throttling where possible to mitigate the impact of resource exhaustion attacks. 8. Prepare incident response plans to quickly recover from potential DoS events affecting MySQL services. These steps go beyond generic advice by focusing on controlling high-privilege access, network-level protections, and proactive monitoring tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2024-20971: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. in Oracle Corporation MySQL Server
Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
AI-Powered Analysis
Technical Analysis
CVE-2024-20971 is a vulnerability identified in the Oracle MySQL Server, specifically affecting the Server Optimizer component. It impacts MySQL Server versions 8.0.35 and prior as well as 8.2.0 and prior. The vulnerability allows a high-privileged attacker with network access via multiple protocols to exploit the flaw without requiring user interaction. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H). The vulnerability does not affect confidentiality or integrity but impacts availability by enabling an attacker to cause the MySQL Server to hang or crash repeatedly, resulting in a complete denial of service (DoS). The CVSS v3.1 base score is 4.9, categorized as medium severity, primarily due to the availability impact. The underlying weakness is related to resource exhaustion or improper handling of requests leading to a DoS condition, classified under CWE-400 (Uncontrolled Resource Consumption). No known exploits in the wild have been reported as of the publication date (January 16, 2024). The vulnerability affects multiple network protocols used by MySQL Server, increasing the attack surface. Since the attacker must have high privileges, exploitation is limited to insiders or attackers who have already compromised credentials or elevated access. The absence of patches or mitigation links in the provided data suggests that organizations should monitor Oracle advisories for updates. Overall, this vulnerability poses a risk of service disruption in environments relying on the affected MySQL versions, particularly where high-privileged network access is possible.
Potential Impact
For European organizations, the primary impact of CVE-2024-20971 is the potential for denial of service on critical database infrastructure running MySQL Server. This can lead to downtime of business applications, disruption of services, and potential loss of productivity. Organizations in sectors such as finance, healthcare, e-commerce, and public administration that rely heavily on MySQL for data storage and transaction processing could experience operational interruptions. Although the vulnerability does not allow data theft or modification, the availability impact can indirectly affect business continuity and service level agreements. In regulated industries, prolonged outages could also lead to compliance issues. The requirement for high privileges limits the risk to insider threats or attackers who have already breached perimeter defenses, emphasizing the importance of strict access controls and monitoring. The multi-protocol attack vector means that various network interfaces to MySQL could be targeted, increasing the risk in complex network environments. European organizations with remote database management or cloud-hosted MySQL instances should be particularly vigilant. Given the medium severity rating and lack of known exploits, the immediate risk is moderate but warrants proactive mitigation to prevent potential disruption.
Mitigation Recommendations
1. Restrict high-privileged access: Enforce the principle of least privilege by limiting administrative and high-privilege MySQL accounts, especially those accessible over the network. 2. Network segmentation: Isolate MySQL servers from untrusted networks and restrict access to trusted hosts and management stations only. 3. Monitor and audit: Implement continuous monitoring of MySQL server logs and network traffic for unusual activity or repeated connection attempts that could indicate exploitation attempts. 4. Apply access controls: Use firewall rules and MySQL user privileges to limit protocol access and restrict connections to necessary protocols and IP addresses. 5. Patch management: Stay updated with Oracle’s security advisories and apply patches promptly once available. 6. Use connection encryption and authentication mechanisms to reduce the risk of credential compromise that could lead to high-privileged access. 7. Implement resource limits and query throttling where possible to mitigate the impact of resource exhaustion attacks. 8. Prepare incident response plans to quickly recover from potential DoS events affecting MySQL services. These steps go beyond generic advice by focusing on controlling high-privilege access, network-level protections, and proactive monitoring tailored to the nature of this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- oracle
- Date Reserved
- 2023-12-07T22:28:10.635Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683f4260182aa0cae2881849
Added to database: 6/3/2025, 6:43:44 PM
Last enriched: 7/4/2025, 1:10:28 PM
Last updated: 7/27/2025, 2:08:41 PM
Views: 10
Related Threats
CVE-2025-8885: CWE-770 Allocation of Resources Without Limits or Throttling in Legion of the Bouncy Castle Inc. Bouncy Castle for Java
MediumCVE-2025-26398: CWE-798 Use of Hard-coded Credentials in SolarWinds Database Performance Analyzer
MediumCVE-2025-41686: CWE-306 Missing Authentication for Critical Function in Phoenix Contact DaUM
HighCVE-2025-8874: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in litonice13 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
MediumCVE-2025-8767: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in anwppro AnWP Football Leagues
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.