CVE-2024-21238

8 documents8 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 48.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation Mysql ClusterOracle Corporation Mysql ServerOracle Mysql
Timeline
PublishedOct 15

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Sco

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

CVEListV5oracle_corporation/mysql_server*8.0.39+2
NVDoracle/mysql8.0.08.0.39+3
CVEListV5oracle_corporation/mysql_cluster*7.5.35+4

Patches

Patch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-cgw6-mmr2-9474: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling)2024-10-15
CVEList
CVE-2024-21238: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling)2024-10-15
OSV
CVE-2024-21238: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling)2024-10-15

📋Vendor Advisories

4
Oracle
Oracle Oracle MySQL Risk Matrix: Cluster: General — CVE-2024-212382024-10-15
Red Hat
mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024)2024-10-15
Microsoft
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior 8.4.1 and prior and 9.0.1 and prior. Difficul2024-10-08
Debian
CVE-2024-21238: mysql-8.0 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Th...2024