CVE-2024-21127

4.9 MEDIUM

📋 TL;DR

This vulnerability in MySQL Server allows a high-privileged attacker with network access to cause a denial of service (DoS) by crashing or hanging the server (Oracle's wording: "hang or frequently repeatable crash"). It affects MySQL 8.0.37 and earlier and 8.4.0; 8.0.38 and 8.4.1 are the first fixed releases. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H: reachable over the network with low attack complexity and no user interaction, but only from an account holding high privileges, and the impact is availability only. The affected component is Server: DDL.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.37 and prior, 8.4.0 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Oracle's advisory states only that a "high privileged" account is required and does not publish the trigger. Because the affected component is Server: DDL, accounts holding DDL privileges (CREATE, ALTER, DROP) are the likely requirement; that mapping is an inference, not vendor-confirmed.

📦 What is this software?

MySQL Server is Oracle's relational database server, available in Community and commercial editions and packaged by most Linux distributions. The DDL component handles schema-changing statements such as CREATE, ALTER and DROP.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of MySQL Server, with the attacker able to repeat the crash or hang each time the service comes back, leading to sustained application downtime.

🟠 Likely Case

A malicious insider, or an attacker who has compromised an account holding DDL privileges, repeatedly crashes or hangs a vulnerable instance.

🟢 If Mitigated

Limited impact: access controls and network segmentation keep high-privileged accounts out of reach of untrusted parties, so the precondition is rarely met.

🌐 Internet-Facing: MEDIUM - While exploitable remotely, attackers need high privileges which are rarely exposed directly to the internet.
🏢 Internal Only: HIGH - Internal attackers or compromised admin accounts can easily exploit this to disrupt database services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable' but requires high privileges. No public exploit code identified as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MySQL 8.0.38, 8.4.1, and later versions

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download the fixed release (8.0.38+ or 8.4.1+) from the Oracle/MySQL download site, or the corresponding package from your distribution's repository.
2. Back up databases and confirm the backup restores.
3. Stop the MySQL service.
4. Install the updated version.
5. Start the MySQL service (the fix is in the server binary, so a restart is required).
6. Verify the version with SELECT VERSION(); and confirm application connectivity and DDL operations.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit CREATE, ALTER, DROP privileges to only essential users and applications. A REVOKE ON *.* removes global grants only: also review schema-level grants (information_schema.SCHEMA_PRIVILEGES) and privileges inherited through roles, and confirm the result with SHOW GRANTS FOR 'username'@'host'.

-- Remove global DDL privileges from an account that does not need them.
REVOKE CREATE, ALTER, DROP ON *.* FROM 'username'@'host';
-- REVOKE updates the in-memory grant tables itself; FLUSH PRIVILEGES is only
-- required after editing the mysql.* grant tables directly, so this step is optional.
FLUSH PRIVILEGES;
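The REVOKE above handles one account at a time. The following Python is an added example, not from the original page and not Oracle's tooling, that turns a listing of global privileges into the minimal REVOKE statements for every account outside an allowlist, naming only the DDL privileges each account actually holds so the change set can be reviewed before it is applied. The sample rows are constructed, and the allowlisted accounts ('root'@'localhost', 'migrator'@'10.0.0.7') are assumed names.

```python
from collections import defaultdict

# Added example: generate least-privilege REVOKE statements from the rows of
# information_schema.USER_PRIVILEGES (global grants only).
AUDIT_QUERY = "SELECT GRANTEE, PRIVILEGE_TYPE FROM information_schema.USER_PRIVILEGES"

# Privileges relevant to the Server: DDL component, in GRANT display order.
DDL_PRIVS = ("CREATE", "ALTER", "DROP")

# Constructed sample rows in the shape AUDIT_QUERY returns (GRANTEE is the
# quoted 'user'@'host' form); not taken from a real server.
SAMPLE_ROWS = [
    ("'root'@'localhost'", "CREATE"), ("'root'@'localhost'", "ALTER"), ("'root'@'localhost'", "DROP"),
    ("'app'@'10.0.0.%'", "SELECT"), ("'app'@'10.0.0.%'", "INSERT"), ("'app'@'10.0.0.%'", "CREATE"),
    ("'reporting'@'%'", "SELECT"),
    ("'migrator'@'10.0.0.7'", "CREATE"), ("'migrator'@'10.0.0.7'", "ALTER"), ("'migrator'@'10.0.0.7'", "DROP"),
]


def ddl_holders(rows):
    """Map grantee -> list of DDL privileges held at the global (*.*) level."""
    held = defaultdict(set)
    for grantee, priv in rows:
        if priv in DDL_PRIVS:
            held[grantee].add(priv)
    # Keep GRANT order so the generated statements read consistently.
    return {g: sorted(p, key=DDL_PRIVS.index) for g, p in held.items()}


def revoke_statements(rows, allowlist):
    """One REVOKE per non-allowlisted grantee, listing only what it holds.

    Accounts with no DDL privileges produce nothing, so the output is exactly
    the set of changes a reviewer needs to approve.
    """
    return [
        f"REVOKE {', '.join(privs)} ON *.* FROM {grantee};"
        for grantee, privs in ddl_holders(rows).items()
        if grantee not in allowlist
    ]


if __name__ == "__main__":
    # Assumed allowlist: the local superuser and a dedicated migration account.
    keep = {"'root'@'localhost'", "'migrator'@'10.0.0.7'"}
    for stmt in revoke_statements(SAMPLE_ROWS, keep):
        print(stmt)
```

Run AUDIT_QUERY with the mysql client (or through a connector library), feed the rows in, review the generated statements, then apply them. Because USER_PRIVILEGES lists only direct global grants, repeat the exercise for information_schema.SCHEMA_PRIVILEGES and for privileges that arrive through roles (mysql.role_edges) before concluding an account has no DDL rights.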

Network segmentation

linux

Restrict network access to MySQL ports (3306 by default; 33060 if X Protocol is enabled) to only trusted hosts. Rule order matters: the ACCEPT must come before the DROP, and iptables rules do not survive a reboot unless saved (iptables-save) or managed by your distribution's firewall tooling. Setting bind_address in my.cnf to a non-public interface is a complementary server-side control.

# allow the trusted administrative host first, then drop everything else on 3306
iptables -A INPUT -p tcp --dport 3306 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

  • Implement strict least privilege for database accounts: no application account should hold CREATE, ALTER or DROP, and schema migrations should run from a separate, tightly scoped account used only during change windows
  • Monitor for unusual DDL operations and bound how fast a compromised account can retry a crash-inducing statement with MySQL's per-account resource limits (the MAX_QUERIES_PER_HOUR option of CREATE USER / ALTER USER)

🔍 How to Verify

Check if Vulnerable:

Check the MySQL version with SELECT VERSION(); and compare the leading x.y.z. Distribution builds append a suffix (for example 8.0.37-0ubuntu0.22.04.3) but keep the upstream number. 8.0.x with x ≤ 37, or 8.4.0, is vulnerable; 8.0.38 and 8.4.1 are the first fixed releases.

Check Version:

mysql -u root -p -e "SELECT VERSION();"

Verify Fix Applied:

After patching, verify version is 8.0.38+ or 8.4.1+ and test DDL operations for stability.
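As an added example, not from the original page or from Oracle, the Python below classifies a VERSION() string against the affected ranges, tolerating distribution and build suffixes, treating MySQL branches the advisory does not list as out of scope rather than safe, and refusing to apply the check to MariaDB, whose version numbers are unrelated. The script name in the usage comment is assumed.

```python
import re
import sys

# Added example: classify SELECT VERSION() output against CVE-2024-21127.
# First fixed patch level per affected branch (Oracle CPU, July 2024).
FIXED_PATCH = {(8, 0): 38, (8, 4): 1}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from a VERSION() string.

    Tolerates build/distro suffixes such as '8.0.37-0ubuntu0.22.04.3' or
    '8.4.0-commercial'. Raises ValueError if the string is not x.y.z-prefixed.
    """
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_string):
    """Classify a VERSION() string.

    'vulnerable'   -> 8.0.0..8.0.37 or 8.4.0 (the advisory's affected ranges)
    'fixed'        -> 8.0.38+ or 8.4.1+
    'not-mysql'    -> MariaDB numbering is unrelated; this check does not apply
    'out-of-scope' -> a MySQL branch the advisory does not list (e.g. 5.7);
                      this is not a statement that such a branch is safe
    """
    if "mariadb" in version_string.lower():
        return "not-mysql"
    major, minor, patch = parse_version(version_string)
    branch = (major, minor)
    if branch not in FIXED_PATCH:
        return "out-of-scope"
    return "vulnerable" if patch < FIXED_PATCH[branch] else "fixed"


if __name__ == "__main__":
    # Usage (script name assumed):
    #   mysql -N -s -u root -p -e "SELECT VERSION();" | python3 check_cve_2024_21127.py
    for line in sys.stdin:
        if line.strip():
            print(f"{line.strip()}: {assess(line)}")
```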

📡 Detection & Monitoring

Log Indicators:

  • Error-log evidence of the server dying or hanging: "mysqld got signal" stack dumps, InnoDB crash-recovery messages on startup, or unexplained restarts by systemd or mysqld_safe
  • DDL statements (CREATE/ALTER/DROP) from accounts or hosts that do not normally run schema changes, or outside change windows
  • Unusual administrative account activity, including logins from new source addresses

Network Indicators:

  • Bursts of DDL queries from a single source in a short timeframe
  • Connections to 3306 (or 33060) from hosts outside the expected administrative set

SIEM Query:

The query below assumes a source that already records the issuing user and client address on every statement, such as the MySQL Enterprise Audit plugin or an equivalent audit log. The general query log (general_log=ON) records user@host only on each thread's Connect line, so its Query lines must be joined to that line by thread id before counting by user.

source="mysql.log" ("CREATE" OR "ALTER" OR "DROP") | stats count by src_ip, user
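An added example, not part of the original page or of any MySQL tooling, that performs that join for the general query log and flags accounts issuing DDL in bursts. The log lines are constructed in the general_log file format; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Added example: attribute DDL statements in the MySQL general query log to
# the account that issued them, then flag bursts. Query lines carry only a
# thread id; user@host appears once, on that thread's Connect line.
LOG_LINE = re.compile(r"^(\S+)\s+(\d+)\s+(\w+)\t?(.*)$")   # time  id Command<TAB>Argument
CONNECT_ARG = re.compile(r"^([^@\s]+)@(\S+)")               # user@host on db using ...
DDL_RE = re.compile(
    r"^\s*(?:/\*.*?\*/\s*)*(?:CREATE|ALTER|DROP|TRUNCATE|RENAME)\b", re.IGNORECASE
)

# Constructed sample in general_log file format (log_output=FILE); not real traffic.
SAMPLE_LOG = [
    "/usr/sbin/mysqld, Version: 8.0.36 (MySQL Community Server - GPL). started with:",
    "Tcp port: 3306  Unix socket: /var/run/mysqld/mysqld.sock",
    "Time                 Id Command    Argument",
    "2024-07-20T10:00:00.000000Z\t   12 Connect\tapp@10.0.0.5 on shop using TCP/IP",
    "2024-07-20T10:00:00.500000Z\t    7 Query\tDROP DATABASE legacy",  # thread 7 connected before logging began
    "2024-07-20T10:00:01.000000Z\t   12 Query\tSELECT 1",
    "2024-07-20T10:00:02.000000Z\t   13 Connect\tdba@10.0.0.9 on  using TCP/IP",
    "2024-07-20T10:00:03.000000Z\t   13 Query\tCREATE TABLE scratch (id INT)",
    "2024-07-20T10:00:03.500000Z\t   13 Query\tALTER TABLE scratch ADD COLUMN x INT",
    "2024-07-20T10:00:04.000000Z\t   13 Query\tDROP TABLE scratch",
    "2024-07-20T10:00:04.500000Z\t   13 Query\tCREATE TABLE scratch (id INT)",
    "2024-07-20T10:00:05.000000Z\t   13 Query\tDROP TABLE scratch",
    "2024-07-20T10:00:06.000000Z\t   12 Query\tCREATE TEMPORARY TABLE t (id INT)",
    "2024-07-20T10:00:07.000000Z\t   12 Quit\t",
    "2024-07-20T10:00:08.000000Z\t   13 Quit\t",
]


def _ts(s):
    # general_log writes UTC with a trailing 'Z'; fromisoformat before 3.11 rejects it.
    return datetime.fromisoformat(s.rstrip("Z"))


def attribute_ddl(lines):
    """Yield (timestamp, 'user@host', statement) for every DDL statement."""
    principal_by_thread = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # banner lines, or continuation lines of a multi-line statement
        ts, tid, cmd, arg = m.groups()
        if cmd == "Connect":
            c = CONNECT_ARG.match(arg)
            if c:  # 'Access denied ...' Connect lines do not match and are skipped
                principal_by_thread[tid] = f"{c.group(1)}@{c.group(2)}"
        elif cmd == "Query" and DDL_RE.match(arg):
            who = principal_by_thread.get(tid, f"unknown(thread {tid})")
            yield _ts(ts), who, arg
        elif cmd == "Quit":
            principal_by_thread.pop(tid, None)  # thread ids are reused later


def ddl_bursts(lines, threshold=5, window_seconds=60):
    """Return {principal: peak DDL count within any window} for principals that
    reached `threshold` DDL statements inside `window_seconds` (assumed defaults)."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, who, _stmt in attribute_ddl(lines):
        q = recent[who]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[who] = max(peak[who], len(q))
    return {who: n for who, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for who, n in ddl_bursts(SAMPLE_LOG).items():
        print(f"{who}: {n} DDL statements within 60s")
```

Enable the general log only for the duration of an investigation (SET GLOBAL general_log = 'ON' with log_output = 'FILE'), since it records every statement; for continuous coverage use an audit plugin. A hit attributed to an "unknown(thread N)" principal means the connection predates the log, so resolve the thread through SHOW PROCESSLIST or performance_schema.threads instead.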

🔗 References

  • Oracle Critical Patch Update Advisory, July 2024: https://www.oracle.com/security-alerts/cpujul2024.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-21127
