Login Sign Up

CVE-2024-21090

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Oracle MySQL Connector/Python allows unauthenticated attackers with network access to cause a denial of service by crashing or hanging the connector. It affects MySQL Connector/Python versions 8.3.0 and earlier. Any system using vulnerable versions of this connector is potentially at risk.

💻 Affected Systems

Products:
  • Oracle MySQL Connector/Python
Versions: 8.3.0 and prior
Operating Systems: All platforms where MySQL Connector/Python is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using MySQL Connector/Python for database connectivity is affected. The vulnerability is protocol-agnostic.

📦 What is this software?

Mysql Connector\/python by Oracle

View all CVEs affecting Mysql Connector\/python →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for applications relying on MySQL Connector/Python, causing application downtime and service disruption.

🟠

Likely Case

Intermittent crashes or hangs of database connectivity in affected applications, leading to partial service degradation.

🟢

If Mitigated

Minimal impact if network access to the connector is restricted or if the vulnerability is patched.

🌐 Internet-Facing: HIGH - Unauthenticated network exploitation makes internet-facing systems particularly vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised internal hosts, though attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes this as 'easily exploitable' with no authentication required. The exact exploitation method is not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.4.0 or later (check Oracle's April 2024 CPU for exact fixed version)

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2024.html

Restart Required: Yes

Instructions:

1. Review Oracle's April 2024 Critical Patch Update advisory. 2. Upgrade MySQL Connector/Python to version 8.4.0 or later. 3. Restart any applications using the connector.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to MySQL Connector/Python instances to only trusted hosts/networks

Use firewall rules to limit inbound connections to MySQL Connector/Python ports

Load Balancer/Proxy Protection

all

Implement rate limiting or connection filtering at network perimeter

Configure WAF or load balancer to limit connections per source IP

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can connect to MySQL Connector/Python instances
  • Monitor for unusual connection patterns or DoS attempts and implement automated blocking

🔍 How to Verify

Check if Vulnerable:

Check the installed version of MySQL Connector/Python: python -c "import mysql.connector; print(mysql.connector.__version__)"

Check Version:

python -c "import mysql.connector; print(mysql.connector.__version__)"

Verify Fix Applied:

Verify the version is 8.4.0 or later using the same command and test database connectivity

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes or restarts of applications using MySQL Connector/Python
  • Connection timeouts or hangs in database connectivity logs

Network Indicators:

  • Unusual volume of connections to MySQL Connector/Python ports from single sources
  • Protocol anomalies in MySQL connection attempts

SIEM Query:

source="application_logs" AND ("mysql.connector" OR "MySQL Connector/Python") AND ("crash" OR "hang" OR "timeout" OR "connection failed")

📊 Metadata

CVE ID: CVE-2024-21090
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: April 16, 2024
Last Updated: May 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON