Lucene search
Ubuntu.comUB:CVE-2024-20993HistoryApr 16, 2024 - 12:00 a.m.
CVE-2024-20993
2024-04-1600:00:00
ubuntu.com
ubuntu.com
9
oracle mysql server
optimizer
network access
compromise
denial of service
vulnerability
high privileged
affected versions
cvss 3.1
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.35 and
prior and 8.2.0 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Notes
| Author | Note |
|---|---|
| iconstantin | since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 23.10 | noarch | mariadb | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | mariadb | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | mariadb-10.0 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | mariadb-10.1 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | mariadb-10.6 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | mysql-5.7 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | mysql-8.0 | < 8.0.36-0ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | mysql-8.0 | < 8.0.36-0ubuntu0.22.04.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | mysql-8.0 | < 8.0.36-0ubuntu0.23.10.1 | UNKNOWN |
| ubuntu | 24.04 | noarch | mysql-8.0 | < 8.0.36-1 | UNKNOWN |
Related
cve
cve
CVE-2024-20993
2024-04-16 22:15:12
cvelist
cvelist
CVE-2024-20993
2024-04-16 21:25:55
redhatcve
redhatcve
CVE-2024-20993
2024-04-18 14:52:16
debiancve
debiancve
CVE-2024-20993
2024-04-16 22:15:12
openvas
openvas
f5
f5
nessus
nessus
Oracle MySQL Server 8.0.x < 8.0.36 (April 2024 CPU)
2024-01-19 00:00:00
RHEL 9 : mysql (RHSA-2024:1141)
2024-03-05 00:00:00
RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)
2024-04-30 00:00:00
redhat
redhat
(RHSA-2024:0894) Moderate: mysql:8.0 security update
2024-02-20 11:21:25
(RHSA-2024:1141) Moderate: mysql security update
2024-03-05 15:32:23
(RHSA-2024:2619) Moderate: rh-mysql80-mysql security update
2024-04-30 16:31:20
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00