CVE-2024-21102
Publication date 16 April 2024
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Status
Package | Ubuntu Release | Status |
---|---|---|
mariadb | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
mariadb-10.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
mariadb-10.1 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
mariadb-10.3 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored end of standard support | |
mariadb-10.6 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
mysql-5.5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored see notes | |
mysql-5.7 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial | Ignored see notes | |
mysql-8.0 | 24.04 LTS noble |
Fixed 8.0.37-0ubuntu0.24.04.1
|
22.04 LTS jammy |
Fixed 8.0.37-0ubuntu0.22.04.3
|
|
20.04 LTS focal |
Fixed 8.0.37-0ubuntu0.20.04.3
|
|
percona-server-5.6 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Needs evaluation
|
|
percona-xtradb-cluster-5.6 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Needs evaluation
|
Notes
iconstantin
since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.9 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6823-1
- MySQL vulnerabilities
- 11 June 2024