Login Sign Up

CVE-2024-21125

4.9 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in MySQL Server's Full-Text Search (FTS) component allows high-privileged attackers with network access to cause denial of service by crashing or hanging the server. It affects MySQL 8.0.37 and earlier, and 8.4.0 and earlier versions. Only authenticated users with administrative privileges can exploit this vulnerability.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.37 and prior, 8.4.0 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires FTS component to be enabled (default in most installations).

📦 What is this software?

Mysql by Oracle

View all CVEs affecting Mysql →

Mysql by Oracle

View all CVEs affecting Mysql →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MySQL Server leading to application downtime and service disruption.

🟠

Likely Case

Targeted DoS attacks against vulnerable MySQL instances by malicious insiders or compromised admin accounts.

🟢

If Mitigated

Limited impact due to required high privileges and network access controls.

🌐 Internet-Facing: MEDIUM - Internet-facing MySQL servers with admin accounts exposed are vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers with admin privileges can disrupt database services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable' but requires high privileges (PR:H).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.38 and 8.4.1 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download MySQL 8.0.38+ or 8.4.1+ from Oracle. 2. Backup databases. 3. Stop MySQL service. 4. Install updated version. 5. Restart MySQL service. 6. Verify version with 'SELECT VERSION();'

🔧 Temporary Workarounds

Restrict Network Access

all

Limit MySQL server access to trusted networks only

# In my.cnf: bind-address = trusted_ip
# Firewall: iptables -A INPUT -p tcp --dport 3306 -s trusted_network -j ACCEPT

Principle of Least Privilege

all

Reduce number of accounts with administrative privileges

REVOKE ALL PRIVILEGES ON *.* FROM 'admin_user'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON specific_db.* TO 'limited_user'@'specific_host';

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit MySQL access
  • Apply principle of least privilege and regularly audit administrative accounts

🔍 How to Verify

Check if Vulnerable:

Connect to MySQL and run: SELECT VERSION(); If version is 8.0.37 or earlier, or 8.4.0 or earlier, system is vulnerable.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching, run: SELECT VERSION(); Should show 8.0.38+ or 8.4.1+.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL crashes or restarts
  • Error logs showing FTS-related failures before crash
  • Multiple connection attempts from admin accounts

Network Indicators:

  • Unusual traffic patterns to MySQL port 3306 from admin accounts
  • Multiple failed FTS queries from same source

SIEM Query:

source="mysql_error.log" AND ("crash" OR "hang" OR "FTS")

📊 Metadata

CVE ID: CVE-2024-21125
CVSS v3 Score: 4.9 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Published: July 16, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON