CVE-2024-21176
Published: 16 July 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Notes
Author | Note |
---|---|
iconstantin | since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored. |
mdeslaur | 8.4.0 only |
Priority
Status
Package | Release | Status |
---|---|---|
mariadb | focal | Does not exist |
mariadb | jammy | Does not exist |
mariadb | noble | Needs triage |
mariadb | upstream | Needs triage |
mariadb-10.0 | focal | Does not exist |
mariadb-10.0 | jammy | Does not exist |
mariadb-10.0 | noble | Does not exist |
mariadb-10.0 | upstream | Needs triage |
mariadb-10.0 | xenial | Needs triage |
mariadb-10.1 | bionic | Needs triage |
mariadb-10.1 | focal | Does not exist |
mariadb-10.1 | jammy | Does not exist |
mariadb-10.1 | noble | Does not exist |
mariadb-10.1 | upstream | Needs triage |
mariadb-10.3 | focal | Ignored (end of standard support) |
mariadb-10.3 | jammy | Does not exist |
mariadb-10.3 | noble | Does not exist |
mariadb-10.3 | upstream | Needs triage |
mariadb-10.6 | focal | Does not exist |
mariadb-10.6 | jammy | Needs triage |
mariadb-10.6 | noble | Does not exist |
mariadb-10.6 | upstream | Needs triage |
mysql-5.5 | focal | Does not exist |
mysql-5.5 | jammy | Does not exist |
mysql-5.5 | noble | Does not exist |
mysql-5.5 | trusty | Ignored (see notes) |
mysql-5.5 | upstream | Needs triage |
mysql-5.7 | bionic | Not vulnerable (8.4.0 only) |
mysql-5.7 | focal | Does not exist |
mysql-5.7 | jammy | Does not exist |
mysql-5.7 | noble | Does not exist |
mysql-5.7 | upstream | Needs triage |
mysql-5.7 | xenial | Ignored (see notes) |
mysql-8.0 | focal | Not vulnerable (8.4.0 only) |
mysql-8.0 | jammy | Not vulnerable (8.4.0 only) |
mysql-8.0 | noble | Not vulnerable (8.4.0 only) |
mysql-8.0 | upstream | Not vulnerable (8.4.0 only) |
percona-server-5.6 | focal | Does not exist |
percona-server-5.6 | jammy | Does not exist |
percona-server-5.6 | noble | Does not exist |
percona-server-5.6 | upstream | Needs triage |
percona-server-5.6 | xenial | Needs triage |
percona-xtradb-cluster-5.6 | focal | Does not exist |
percona-xtradb-cluster-5.6 | jammy | Does not exist |
percona-xtradb-cluster-5.6 | noble | Does not exist |
percona-xtradb-cluster-5.6 | upstream | Needs triage |
percona-xtradb-cluster-5.6 | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |