The vulnerability of the Connector/Python driver component of MySQL Connectors in the Oracle MySQL database management system allows a hacker to cause a service failure.

🗓️ 02 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The Connector Python driver for MySQL has insufficient input validation enabling remote failures.

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2024-21090	27 Mar 202517:26	–	circl
CNNVD	Oracle MySQL 的 MySQL Connectors 安全漏洞	16 Apr 202400:00	–	cnnvd
CNVD	Oracle MySQL Denial of Service Vulnerability (CNVD-2024-20817)	18 Apr 202400:00	–	cnvd
CVE	CVE-2024-21090	16 Apr 202421:26	–	cve
Cvelist	CVE-2024-21090	16 Apr 202421:26	–	cvelist
Debian CVE	CVE-2024-21090	16 Apr 202421:26	–	debiancve
EUVD	EUVD-2024-18804	3 Oct 202520:07	–	euvd
F5 Networks	K000139533: MySQL vulnerability CVE-2024-21090	7 May 202414:55	–	f5
Microsoft CVE	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).	3 Sep 202521:44	–	mscve
NCSC	Vulnerabilities fixed in Oracle MySQL	19 Apr 202400:00	–	ncsc

Vulners

Node

oracle mysql_connectorsRange≤8.3.0

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2024.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB20240417102
web	www.web.nvd.nist.gov/view/vuln/detail

02 May 2024 00:00Current

7High risk

Vulners AI Score7

CVSS 37.5

CVSS 27.8

EPSS0.00269

insufficient input validation connector python driver mysql connectors remote service failures