CVE-2024-21171

6.5 MEDIUM

📋 TL;DR

This vulnerability in MySQL Server's Optimizer component allows low-privileged attackers with network access to cause a denial of service (DoS) by crashing or hanging the server. It affects MySQL 8.0.37 and earlier, and 8.4.0 and earlier versions. Attackers need only low privileges and network access via multiple protocols to exploit this vulnerability.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.37 and prior, 8.4.0 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Optimizer component; requires low privileged account with network access

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete unavailability of MySQL Server leading to application downtime and service disruption

🟠 Likely Case: Targeted DoS attacks causing service interruptions for MySQL-dependent applications

🟢 If Mitigated: Limited impact if proper network segmentation and privilege controls are implemented

🌐 Internet-Facing: HIGH - Network accessible with low complexity exploitation
🏢 Internal Only: MEDIUM - Requires internal network access but low privilege requirements

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CVSS indicates 'easily exploitable' with low attack complexity; requires authenticated access but only low privileges

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MySQL 8.0.38 and 8.4.1 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download the latest MySQL version from the Oracle website
2. Back up databases
3. Stop the MySQL service
4. Apply the patch/upgrade
5. Restart the MySQL service
6. Verify functionality

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to MySQL servers to only trusted hosts/IPs

# In MySQL my.cnf, under [mysqld]. Note that bind-address selects the local
# interface the server listens on, not a client address: set it to the internal
# interface that trusted hosts reach (127.0.0.1 restricts the server to local clients).
bind-address = <internal_interface_ip>
# Firewall: accept the trusted host, then drop every other source on 3306
# (an ACCEPT rule alone restricts nothing unless the chain's default policy is DROP)
iptables -A INPUT -p tcp --dport 3306 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

Privilege Minimization

Review and minimize low-privileged accounts with network access

-- 'lowprivuser'@'%' is an example account reachable from any host.
-- REVOKE strips its global privileges while keeping the account; DROP USER removes it entirely.
REVOKE ALL PRIVILEGES ON *.* FROM 'lowprivuser'@'%';
DROP USER 'lowprivuser'@'%';

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit MySQL access
  • Apply principle of least privilege and audit all low-privileged MySQL accounts

🔍 How to Verify

Check if Vulnerable:

Check the MySQL version with SELECT VERSION(); if the version is 8.0.37 or earlier, or 8.4.0 or earlier, the system is vulnerable

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching: SELECT VERSION(); should show 8.0.38+ or 8.4.1+
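As an added example (not part of this advisory), a POSIX sh function that classifies the string returned by SELECT VERSION() against the fixed releases named above (8.0.38 and 8.4.1), tolerating distribution suffixes such as "-0ubuntu0.22.04.1" or "-commercial"; the function name and the result labels are my own choices:

```sh
#!/bin/sh
# Added example: map a MySQL VERSION() string to CVE-2024-21171 status.
# Prints one of: vulnerable, fixed, not-listed (series the advisory does not
# name a fix for), unknown (string not in major.minor.patch form).
mysql_cve_2024_21171_status() {
    base=${1%%-*}                      # drop "-0ubuntu...", "-log", "-commercial" suffixes
    case "$base" in
        *.*.*) ;;                      # need at least major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}                 # tolerate a fourth component
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 8 ] && [ "$minor" -eq 0 ]; then
        # 8.0 series: fixed in 8.0.38
        [ "$patch" -le 37 ] && echo vulnerable || echo fixed
    elif [ "$major" -eq 8 ] && [ "$minor" -eq 4 ]; then
        # 8.4 series: fixed in 8.4.1
        [ "$patch" -le 0 ] && echo vulnerable || echo fixed
    else
        echo not-listed
    fi
}
# Live use (not run here): mysql_cve_2024_21171_status "$(mysql -N -u root -p -e 'SELECT VERSION();')"
```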

📡 Detection & Monitoring

Log Indicators:

  • MySQL crash logs
  • Unexpected service restarts
  • Error logs showing optimizer-related failures

Network Indicators:

  • Multiple connection attempts from single source to MySQL
  • Unusual query patterns targeting optimizer functions

SIEM Query:

source="mysql.log" ("crash" OR "segfault" OR "hang") AND "optimizer"
