CVE-2024-21197

4.9 MEDIUM

📋 TL;DR

This vulnerability in the Information Schema component of MySQL Server lets an authenticated, high-privileged attacker with network access cause a denial of service by hanging the server or crashing it repeatedly. It affects MySQL 8.0.39 and earlier, 8.4.2 and earlier, and 9.0.1 and earlier. No user interaction is required, but the attacker must already hold administrative privileges, so the realistic threat is a malicious or compromised DBA account rather than an anonymous network attacker.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have administrative privileges (PR:H in CVSS)

📦 What is this software?

MySQL Server is Oracle's widely deployed relational database server, shipped both as the open-source Community edition and as commercial editions. The Information Schema (INFORMATION_SCHEMA) is its built-in set of read-only views that expose server metadata such as databases, tables, columns, privileges and running processes; it is queried constantly by administrative tools, ORMs and monitoring agents, which is why a fault in it can take down the whole server.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete MySQL Server outage causing application downtime and service disruption

🟠 Likely Case: Targeted DoS by malicious insiders or compromised administrator accounts against MySQL servers they can reach

🟢 If Mitigated: Limited impact where administrative accounts are few, tightly scoped and reachable only from segmented networks

🌐 Internet-Facing: MEDIUM - Requires admin credentials but internet-facing MySQL servers with weak authentication are vulnerable
🏢 Internal Only: HIGH - Internal attackers with admin access can easily cause service disruption

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.9): network-reachable and low complexity with no user interaction, but it needs high privileges and only affects availability, which is why the score lands at MEDIUM despite the complete-DoS outcome.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.40, 8.4.3 and 9.1.0 (the October 2024 Critical Patch Update releases) or later in each line

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Back up the databases (and the server configuration) before touching the installation.
2. Download the fixed MySQL release for your line from Oracle, or your distribution's updated package.
3. Apply the update following Oracle's upgrade instructions for that line.
4. Restart the MySQL service.
5. Verify the reported version and exercise application functionality, including queries against INFORMATION_SCHEMA.

🔧 Temporary Workarounds

Restrict administrative access (platform: all)

Limit MySQL administrative accounts to trusted users and systems. Review which accounts hold global privileges and which hosts they may connect from, then revoke or drop the ones that are not needed; exploitation requires an account with high privileges, so every such account removed is one fewer path to this bug. Do not apply the statements below to the application's own service accounts.

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'untrusted_admin'@'%';
DROP USER 'untrusted_admin'@'%';

Network segmentation (platform: linux)

Restrict MySQL port access to only the application servers that need it. Rule order matters: these rules are appended, so an earlier rule that accepts all traffic on 3306 would still win. If the server only needs clients on one interface, setting bind-address in the [mysqld] section of my.cnf removes the remote exposure altogether.

iptables -A INPUT -p tcp --dport 3306 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

  • Implement strict access controls to limit administrative MySQL accounts
  • Monitor for unusual administrative activity and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Run SELECT VERSION(); and compare the result against the affected ranges (8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior). Ignore any build or distribution suffix after the first hyphen; the numeric part is what matters.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

Confirm that VERSION() reports 8.0.40 or later, 8.4.3 or later, or 9.1.0 or later, then exercise Information Schema functionality (for example a query against INFORMATION_SCHEMA.TABLES from an administrative session) to confirm the server is serving metadata normally after the restart.
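
The version comparison above is easy to get wrong by hand when the server reports a suffixed string such as "8.0.40-0ubuntu0.24.04.1". The POSIX shell function below is an added example written for this page, not code from Oracle or from the advisory; it classifies a VERSION() string against the three ranges the advisory lists and treats anything outside them (MariaDB, the 8.1 to 8.3 innovation releases, 5.x) as a case to check against the vendor advisory rather than silently calling it safe. The function name is my own choice.

```shell
#!/bin/sh
# Classify the string returned by SELECT VERSION() against the CVE-2024-21197
# ranges listed on this page: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior.
# Prints exactly one word: vulnerable, fixed, unlisted or not-mysql.
mysql_cve_2024_21197_status() {
    ver="$1"
    # MariaDB reports e.g. "10.11.6-MariaDB"; it is a separate code base and not
    # covered by this advisory, so never compare its numbers against MySQL ranges.
    case "$ver" in
        *MariaDB*) echo not-mysql; return 0 ;;
    esac
    # Strip build/distro suffixes such as "-0ubuntu0.22.04.1", "-commercial" or "-log".
    base="${ver%%-*}"
    case "$base" in
        *.*.*) ;;
        *) echo unlisted; return 0 ;;   # need major.minor.patch to decide
    esac
    major="${base%%.*}"
    rest="${base#*.}"
    minor="${rest%%.*}"
    patch="${rest#*.}"
    patch="${patch%%.*}"
    for n in "$major" "$minor" "$patch"; do
        case "$n" in
            ''|*[!0-9]*) echo unlisted; return 0 ;;   # non-numeric component
        esac
    done
    status=unlisted
    case "$major.$minor" in
        8.0) if [ "$patch" -le 39 ]; then status=vulnerable; else status=fixed; fi ;;
        8.4) if [ "$patch" -le 2 ];  then status=vulnerable; else status=fixed; fi ;;
        9.0) if [ "$patch" -le 1 ];  then status=vulnerable; else status=fixed; fi ;;
        9.*) status=fixed ;;   # 9.1.0 and later innovation releases carry the October 2024 fix
    esac
    # 5.x, 8.1 to 8.3 and anything else stay "unlisted": not in the advisory's
    # ranges, so consult the vendor advisory instead of assuming either way.
    echo "$status"
}

# Usage against a live server (needs a client login; -N suppresses the column header):
#   mysql_cve_2024_21197_status "$(mysql -N -e 'SELECT VERSION()')"
```

Run it in a fleet inventory loop and treat "unlisted" as a manual follow-up item, not as a pass: the 8.1 to 8.3 innovation releases were already end-of-life when this CPU shipped and receive no fix at all.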

📡 Detection & Monitoring

Log Indicators:

  • Crash banners in the mysqld error log ("mysqld got signal 11", "mysqld got signal 6") followed by a stack trace
  • Unexpected restarts: a new "ready for connections" startup line in the error log outside a maintenance window, or service-manager restart events for mysqld
  • Administrative accounts connecting from hosts or at times they do not normally use, and failed logins against those accounts (general log or audit plugin)
  • Note that a hang leaves no error-log entry at all; the only signal is rising connection latency or a liveness probe that stops answering

Network Indicators:

  • Unusual traffic patterns to MySQL port 3306 from unexpected sources

SIEM Query (Splunk-style, adjust source to your error-log path):

source="*mysqld*.log" ("mysqld got signal" OR "ready for connections")

The first term matches the crash banner, the second flags every server start so that unplanned restarts stand out. Searching for "Information Schema" as in a naive query is noise: the string does not appear in the error log on a crash, and INFORMATION_SCHEMA queries are routine traffic.
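
To make the log indicators above concrete, the following POSIX shell script is an added example written for this page (not tooling from Oracle or the advisory). It counts crash banners and startup lines in a MySQL 8 error log, extracts the signal number from each crash, and includes a bounded liveness probe for the hang case, which produces no log line. The error log sample is constructed for the example; the function names are my own.

```shell
#!/bin/sh
# Count crash and restart markers in a MySQL 8 error log. "mysqld got signal N" is
# the banner the server's signal handler writes on a fatal signal; "ready for
# connections" is written once per successful startup, so a second occurrence
# outside a maintenance window means the service died and was restarted (by
# systemd, mysqld_safe or an operator). A hang writes nothing, hence the probe.

count_mysqld_crashes() {
    # grep -c exits 1 when the count is 0; keep the printed "0" and a success status.
    grep -c 'mysqld got signal' "$1" || true
}

count_mysqld_restarts() {
    grep -c 'ready for connections' "$1" || true
}

mysqld_crash_signals() {
    # Print the signal number of each crash banner, one per line
    # (11 is SIGSEGV, 6 is SIGABRT from a failed assertion).
    sed -n 's/.*mysqld got signal \([0-9]*\).*/\1/p' "$1"
}

mysqld_crash_summary() {
    printf 'crashes=%s restarts=%s\n' \
        "$(count_mysqld_crashes "$1")" "$(count_mysqld_restarts "$1")"
}

# Liveness probe for the hang case: mysqladmin ping answers "mysqld is alive" on a
# healthy server; a wedged server never answers, so bound the wait with timeout(1).
# Not exercised below because it needs a running server and client credentials.
mysqld_responsive() {
    timeout 5 mysqladmin --connect-timeout=5 ping >/dev/null 2>&1
}

# Constructed sample error log (not a real capture): one clean start, one SIGSEGV
# crash, and the automatic restart that followed five seconds later.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
2024-10-21T09:00:01.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.39'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
09:06:30 UTC - mysqld got signal 11 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
Thread pointer: 0x7f2a1c0012b0
2024-10-21T09:06:35.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.39'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
EOF

mysqld_crash_summary "$SAMPLE_LOG"   # crashes=1 restarts=2
```

Point the counting functions at the real log (the path is in the log_error system variable) from a cron job or log-shipping agent, and alert when crashes are non-zero or restarts exceed the number of planned starts in the window; pair that with mysqld_responsive on a short interval so a hung server is caught as quickly as a crashed one.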

🔗 References

  • Oracle Critical Patch Update Advisory, October 2024: https://www.oracle.com/security-alerts/cpuoct2024.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-21197
