Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-20968
HistoryFeb 17, 2024 - 12:00 a.m.

CVE-2024-20968

2024-02-1700:00:00
ubuntu.com
ubuntu.com
13
mysql server
oracle mysql
vulnerability
high privileged attacker
dos
cvss 3.1
network access
unauthorized ability

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0

Percentile

13.3%

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Options). Supported versions that are affected are 8.0.34 and prior
and 8.1.0. Difficult to exploit vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Notes

Author Note
leosilva since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0

Percentile

13.3%