Login Sign Up

CVE-2024-21129

4.9 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in MySQL Server allows high-privileged attackers with network access to cause a denial of service by crashing or hanging the server. It affects MySQL 8.0.37 and earlier, and 8.4.0 and earlier versions. The attack requires administrative privileges but can be executed remotely via multiple protocols.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.37 and prior, 8.4.0 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have high privileges (PR:H in CVSS), typically administrative database access.

📦 What is this software?

Mysql by Oracle

View all CVEs affecting Mysql →

Mysql by Oracle

View all CVEs affecting Mysql →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MySQL Server leading to application downtime and service disruption.

🟠

Likely Case

Targeted DoS attacks against vulnerable MySQL instances by malicious insiders or compromised admin accounts.

🟢

If Mitigated

Limited impact due to proper access controls and network segmentation preventing unauthorized admin access.

🌐 Internet-Facing: MEDIUM - While exploitable remotely, it requires high privileges which are typically not exposed to internet-facing interfaces.
🏢 Internal Only: HIGH - Internal attackers with admin credentials or compromised admin accounts can easily exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable' but requires high privileged attacker access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update for July 2024 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download the appropriate Critical Patch Update from Oracle. 2. Apply the patch following Oracle's MySQL update procedures. 3. Restart MySQL service to apply changes.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit network access to MySQL administrative interfaces and implement strict access controls for admin accounts.

# Configure MySQL to only listen on localhost if possible
bind-address = 127.0.0.1
# Implement firewall rules to restrict access
iptables -A INPUT -p tcp --dport 3306 -s trusted_ips -j ACCEPT

🧯 If You Can't Patch

  • Implement network segmentation to isolate MySQL servers from untrusted networks
  • Enforce principle of least privilege for MySQL administrative accounts and implement multi-factor authentication

🔍 How to Verify

Check if Vulnerable:

Check MySQL version: SELECT VERSION(); If version is 8.0.37 or earlier, or 8.4.0 or earlier, the system is vulnerable.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

Verify MySQL version is updated beyond affected versions and check patch status in Oracle's advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL crashes or restarts
  • Multiple failed authentication attempts followed by successful admin login
  • Unusual administrative queries from unexpected sources

Network Indicators:

  • Multiple protocol connections to MySQL port 3306 from single source
  • Rapid sequence of DDL operations from admin accounts

SIEM Query:

source="mysql.log" ("crash" OR "restart" OR "shutdown") AND ("admin" OR "root")

📊 Metadata

CVE ID: CVE-2024-21129
CVSS v3 Score: 4.9 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Published: July 16, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON