CVE-2024-20996

4.9 MEDIUM

📋 TL;DR

This vulnerability in MySQL Server's InnoDB component allows authenticated high-privilege attackers to cause denial of service by crashing or hanging the database server. It affects MySQL 8.0.37 and earlier, and 8.4.0 and earlier versions. Attackers need network access and high database privileges to exploit this vulnerability.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.37 and prior, 8.4.0 and prior
Operating Systems: All operating systems running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have high database privileges (PR:H in CVSS)


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database server outage causing application downtime and service disruption

🟠 Likely Case: Database crashes requiring restart, leading to temporary service interruption

🟢 If Mitigated: Minimal impact with proper access controls and monitoring in place

🌐 Internet-Facing: MEDIUM - Requires high-privilege credentials but network access enables remote exploitation
🏢 Internal Only: MEDIUM - Internal attackers with high privileges could cause service disruption

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

The CVSS vector rates attack complexity as low, so the flaw is easy to trigger, but exploitation still requires high-privilege database credentials

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.38 or later (8.0 series); 8.4.1 or later (8.4 series)

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download MySQL 8.0.38 or 8.4.1+ from Oracle
2. Back up databases
3. Stop MySQL service
4. Install updated version
5. Restart MySQL service
6. Verify functionality

🔧 Temporary Workarounds

Restrict Database Privileges

Platform: all

Limit high-privilege accounts to essential users only

-- Global privileges are revoked at the *.* level; non_essential_users is a placeholder account name.
REVOKE SUPER, PROCESS, SHUTDOWN ON *.* FROM 'non_essential_users'@'%';
FLUSH PRIVILEGES;

Network Access Controls

Platform: linux

Restrict database access to trusted networks only

# trusted_network is a placeholder for the permitted source range (e.g. a CIDR block)
iptables -A INPUT -p tcp --dport 3306 -s trusted_network -j ACCEPT
# Everything else reaching the MySQL port is dropped
iptables -A INPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

  • Implement strict principle of least privilege for database accounts
  • Monitor for unusual database connection patterns and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Run SELECT VERSION(); on the server. If the reported version is 8.0.37 or earlier, or 8.4.0 or earlier, the system is vulnerable.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching, SELECT VERSION(); should report 8.0.38 or later (8.0 series) or 8.4.1 or later (8.4 series).
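The version check above can be scripted so the output of the mysql command is compared against the affected ranges automatically. This is an added example, not part of the original advisory; the function names and the handling of distribution suffixes are assumptions, and version series not listed on the page are reported as out of scope rather than guessed.

```python
import re
import sys
from typing import Optional, Tuple

# First fixed patch level for each release series named in the advisory.
FIXED_PATCH = {(8, 0): 38, (8, 4): 1}


def parse_mysql_version(version_string: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from SELECT VERSION() output.

    Distribution builds append suffixes such as '-0ubuntu0.22.04.1' or
    '-log'; only the leading numeric triple is used for the comparison.
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_vulnerable(version_string: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if it is at or
    above the fixed release, None if the string cannot be parsed or the
    series (e.g. 5.7) is not covered by this advisory."""
    parsed = parse_mysql_version(version_string)
    if parsed is None:
        return None
    major, minor, patch = parsed
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return None  # series not listed in the advisory: do not guess
    return patch < fixed


if __name__ == "__main__":
    # Usage: mysql -u root -p -N -e 'SELECT VERSION();' | python3 check_version.py
    for line in sys.stdin:
        verdict = is_vulnerable(line)
        label = {True: "VULNERABLE", False: "patched", None: "out of scope / unparsable"}[verdict]
        print(f"{line.strip()}: {label}")
```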

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL crashes or restarts
  • Multiple failed authentication attempts from same source
  • Unusual queries from high-privilege accounts

Network Indicators:

  • Multiple connections to MySQL port 3306 from unusual sources
  • Connection attempts using high-privilege accounts from unexpected locations

SIEM Query:

source="mysql.log" ("crash" OR "shutdown" OR "restart") AND severity="ERROR"
