CVE-2024-21185

4.9 MEDIUM

Denial of Service

📋 TL;DR

This vulnerability in MySQL Server's InnoDB component allows authenticated high-privileged attackers to cause denial of service by crashing or hanging the database server. It affects MySQL 8.0.38, 8.4.1, and 9.0.0 versions. Attackers need network access and administrative privileges to exploit this vulnerability.

💻 Affected Systems

Products:

• Oracle MySQL Server

Versions: 8.0.38, 8.4.1, 9.0.0

Operating Systems: All platforms running affected MySQL versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects InnoDB storage engine component

📦 What is this software?

Mysql Server by Oracle

View all CVEs affecting Mysql Server →

Mysql Server by Oracle

View all CVEs affecting Mysql Server →

Mysql Server by Oracle

View all CVEs affecting Mysql Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database server outage causing application downtime and service disruption

🟠

Likely Case

Database crashes requiring restart, leading to temporary service interruption

🟢

If Mitigated

Minimal impact if proper access controls and monitoring are in place

🌐 Internet-Facing: MEDIUM - Requires high privileges but network access is available

🏢 Internal Only: MEDIUM - Internal attackers with admin access can cause disruption

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires high privileged (admin) database access but is described as 'easily exploitable'

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle's July 2024 Critical Patch Update

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download appropriate patch from Oracle support 2. Backup database 3. Apply patch following Oracle documentation 4. Restart MySQL service

🔧 Temporary Workarounds

Restrict administrative access

all

Limit database administrative privileges to essential personnel only

Network segmentation

all

Restrict network access to MySQL ports (3306 default) to trusted sources only

🧯 If You Can't Patch

• Implement strict access controls to limit administrative database accounts
• Monitor for unusual database crashes or restart patterns

🔍 How to Verify

Check if Vulnerable:

Copy

Check MySQL version: SELECT VERSION(); and compare with affected versions

Check Version:

Copy

mysql -V or SELECT VERSION();

Verify Fix Applied:

Copy

Verify version after patching and monitor for crashes

📡 Detection & Monitoring

Log Indicators:

• Unexpected MySQL crashes
• Database restart events
• InnoDB error messages in MySQL error log

Network Indicators:

• Multiple connections from single admin account followed by service disruption

SIEM Query:

Copy

source="mysql_error.log" AND ("crash" OR "restart" OR "InnoDB error")

📊 Metadata

CVE ID: CVE-2024-21185

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: July 16, 2024

Last Updated: March 18, 2025

🔗 References

• https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
• https://security.netapp.com/advisory/ntap-20240731-0005/
• https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21185, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)

CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)

CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)