CVE-2024-21199

4.9 MEDIUM

📋 TL;DR

This vulnerability in MySQL Server's InnoDB component allows authenticated high-privilege attackers to cause a denial of service by crashing or hanging the database server. It affects MySQL versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. The attack requires network access but only impacts availability, not confidentiality or integrity.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the InnoDB storage engine enabled (the default). Requires an attacker with high privileges (CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT privileges on the affected tables).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database server outage causing application downtime and service disruption until manual restart.

🟠 Likely Case

Targeted DoS attacks by malicious insiders or compromised admin accounts causing intermittent database crashes.

🟢 If Mitigated

Limited impact with proper privilege separation and network segmentation, though DoS still possible from authorized users.

🌐 Internet-Facing: MEDIUM - Requires high-privilege credentials but internet-facing databases are more exposed to credential compromise.
🏢 Internal Only: MEDIUM - Insider threat risk from authorized users with administrative access to MySQL.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable', but it requires high-privilege database credentials. No public exploit details were available as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MySQL 8.0.40, 8.4.3, 9.0.2 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Back up databases.
2. Download the patched version from Oracle.
3. Stop the MySQL service.
4. Install the update.
5. Restart the MySQL service.
6. Verify the version with 'SELECT VERSION();'

🔧 Temporary Workarounds

Restrict administrative access

Platform: all

Limit high-privilege database accounts to only necessary users and applications.

REVOKE ALL PRIVILEGES ON *.* FROM 'user'@'host';
GRANT SELECT, INSERT, UPDATE, DELETE ON specific_db.* TO 'user'@'host';
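The REVOKE/GRANT pair above fixes one account at a time; deciding which accounts need fixing means reading SHOW GRANTS output for every user. The following Python script is an added example (not part of this advisory page or of MySQL) that parses SHOW GRANTS lines and flags accounts holding the schema-changing privileges the Notes section names (CREATE, ALTER, DROP) or blanket ALL PRIVILEGES, ranking global (*.*) grants highest. The sample grant lines are constructed in the MySQL 8 backtick style; the HIGH/MEDIUM ranking and the account names are this example's own assumptions.

```python
import re

# Privileges the advisory's Notes name as required to trigger the issue
HIGH_PRIVS = {"CREATE", "ALTER", "DROP", "INSERT", "UPDATE", "DELETE", "SELECT"}
# Schema-changing subset: the ones least likely to belong on an application account
DDL_PRIVS = {"CREATE", "ALTER", "DROP"}

# One SHOW GRANTS line: GRANT <privs> ON <scope> TO <account> [WITH GRANT OPTION]
# Accounts appear as `user`@`host` (MySQL 8) or 'user'@'host' (older servers).
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>[`'][^`']*[`']@[`'][^`']*[`'])(?P<opts>.*)$",
    re.IGNORECASE,
)


def parse_grant(line):
    """Parse one SHOW GRANTS line into account, scope, privilege set and grant-option flag.

    Returns None for lines without an ON clause (role grants), which are not assessed here.
    """
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return None
    raw = re.sub(r"\([^)]*\)", "", m.group("privs"))   # drop column lists, e.g. SELECT (id, email)
    privs = {p.strip().upper() for p in raw.split(",") if p.strip()}
    privs.discard("USAGE")                              # USAGE means "no privileges"
    if privs & {"ALL", "ALL PRIVILEGES"}:
        privs = {"ALL"}
    return {
        "account": m.group("account").replace("`", "'"),   # normalise to 'user'@'host'
        "scope": m.group("scope").replace("`", ""),
        "privs": privs,
        "grant_option": "GRANT OPTION" in m.group("opts").upper(),
    }


def audit_grants(lines):
    """Return grants carrying DDL or blanket privileges, global (*.*) grants first."""
    findings = []
    for line in lines:
        g = parse_grant(line)
        if g is None:
            continue
        blanket = "ALL" in g["privs"]
        ddl = sorted(g["privs"] & DDL_PRIVS)
        if not (blanket or ddl):
            continue                                    # plain DML-only account: leave it alone
        findings.append({
            "account": g["account"],
            "scope": g["scope"],
            "privs": ["ALL"] if blanket else ddl,
            "grant_option": g["grant_option"],
            "risk": "HIGH" if g["scope"] == "*.*" else "MEDIUM",   # assumption: global scope ranks highest
        })
    findings.sort(key=lambda f: (f["risk"] != "HIGH", f["account"]))
    return findings


# Constructed sample of SHOW GRANTS output (not from a real server)
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO `legacy_admin`@`%` WITH GRANT OPTION",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO `web`@`10.0.0.5`",
    "GRANT USAGE ON *.* TO `web`@`10.0.0.5`",
    "GRANT CREATE, ALTER, DROP, SELECT ON `shop`.* TO `migrator`@`10.0.0.7`",
    "GRANT SELECT (id, email) ON `shop`.`users` TO `reporter`@`10.0.0.9`",
    "GRANT `app_role`@`%` TO `web`@`10.0.0.5`",
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        opt = " WITH GRANT OPTION" if f["grant_option"] else ""
        print(f'{f["risk"]:6} {f["account"]:24} ON {f["scope"]:12} {", ".join(f["privs"])}{opt}')
```

Feed it real output by collecting `SHOW GRANTS FOR 'user'@'host'` for each row of `SELECT user, host FROM mysql.user` and passing the lines to audit_grants(); every HIGH finding is a candidate for the REVOKE/GRANT narrowing shown above.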

Network segmentation

Platform: linux

Restrict database access to specific application servers using firewall rules.

iptables -A INPUT -p tcp --dport 3306 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

  • Implement strict principle of least privilege for database accounts
  • Monitor for unusual database connection patterns and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Connect to MySQL, run SELECT VERSION(); and compare the result against the affected versions listed above.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching, run SELECT VERSION(); it should report 8.0.40+, 8.4.3+, or 9.0.2+.
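Comparing VERSION() output by eye is error-prone because the string carries a distribution suffix and each release series has its own fixed version. The Python script below is an added example (not part of this advisory page or of MySQL) that parses the VERSION() string and decides per series, using the fixed releases stated above (8.0.40, 8.4.3, 9.0.2). Treating MariaDB strings and series not named on this page as "NOT COVERED" rather than patched is this example's own assumption; confirm those against the vendor advisory.

```python
import re
import sys

# Fixed releases named in this advisory, keyed by release series (major, minor)
FIXED_IN = {
    (8, 0): (8, 0, 40),
    (8, 4): (8, 4, 3),
    (9, 0): (9, 0, 2),
}


def parse_version(version_string):
    """Extract (major, minor, patch) from a VERSION() result such as '8.0.39-0ubuntu0.22.04.1'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_string):
    """Return 'VULNERABLE', 'PATCHED' or 'NOT COVERED' for one VERSION() string."""
    if "mariadb" in version_string.lower():
        return "NOT COVERED"        # MariaDB answers VERSION() too but is a different code base
    v = parse_version(version_string)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        # Assumption: a series this page does not name (e.g. 5.7, 8.1-8.3, 9.1+) is left
        # undetermined rather than marked patched; check the vendor advisory for it.
        return "NOT COVERED"
    return "VULNERABLE" if v < fixed else "PATCHED"


if __name__ == "__main__":
    # Pipe the raw query result in:  mysql -N -u root -p -e 'SELECT VERSION();' | python3 check_mysql_version.py
    for line in sys.stdin:
        line = line.strip()
        if line:
            print(f"{line}: {assess(line)}")
```

The comparison is tuple-based, so 8.0.9 sorts below 8.0.40 correctly, which a plain string comparison would get wrong.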

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL crashes/restarts in error logs
  • Multiple connection attempts from single admin account
  • InnoDB-related error messages preceding crashes

Network Indicators:

  • Unusual traffic patterns to MySQL port 3306 from unexpected sources
  • Multiple rapid connections from admin accounts

SIEM Query:

source="mysql_error.log" AND ("crash" OR "shutdown" OR "restart") | stats count by host, user
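The keyword query above will also count planned shutdowns and restarts. The Python script below is an added example (not part of this advisory page or of MySQL) of the correlation a defender would layer on top: it parses MySQL 8 error-log lines and reports a server start only when it was preceded, within a time window, by InnoDB [ERROR] records or by the "mysqld got signal" banner, which is what distinguishes the "InnoDB-related error messages preceding crashes" indicator from a routine restart. The sample log lines are constructed in the MySQL 8 error-log layout; their message codes and InnoDB message text are illustrative and the five-minute window is an assumption.

```python
import re
from datetime import datetime, timedelta

# MySQL 8 error-log layout: timestamp, thread id, [level] [MY-code] [subsystem] message
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z)\s+(?P<thread>\d+)\s+"
    r"\[(?P<level>\w+)\]\s+\[(?P<code>MY-\d+)\]\s+\[(?P<subsys>\w+)\]\s+(?P<msg>.*)$"
)


def parse_line(line):
    """Parse a structured error-log line; returns None for unstructured lines (signal-handler output)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    rec["thread"] = int(rec["thread"])
    return rec


def find_crash_restarts(lines, window=timedelta(minutes=5)):
    """Return server starts preceded, within `window`, by InnoDB errors or a fatal-signal banner."""
    events = []
    innodb_errors = []          # InnoDB [ERROR] records seen since the last server start
    signal_seen = False
    for raw in lines:
        if "mysqld got signal" in raw:          # banner written by the fatal-signal handler
            signal_seen = True
            continue
        rec = parse_line(raw)
        if rec is None:
            continue                            # stack-trace and advice lines after the banner
        if rec["subsys"] == "InnoDB" and rec["level"].upper() == "ERROR":
            innodb_errors.append(rec)
        elif "starting as process" in rec["msg"]:
            context = [e for e in innodb_errors if rec["ts"] - e["ts"] <= window]
            if signal_seen or context:          # a clean start with no prior errors is not an event
                events.append({
                    "restart_at": rec["ts"],
                    "signal_seen": signal_seen,
                    "innodb_errors": [f'[{e["code"]}] {e["msg"]}' for e in context],
                    "threads": sorted({e["thread"] for e in context}),
                })
            innodb_errors = []
            signal_seen = False
    return events


# Constructed sample error log (not from a real server); codes and InnoDB text are illustrative
SAMPLE_ERROR_LOG = [
    "2024-10-15T12:00:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.39) starting as process 1001",
    "2024-10-15T12:00:01.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.39'  port: 3306",
    "2024-10-15T12:30:10.000000Z 42 [ERROR] [MY-013183] [InnoDB] Assertion failure: <file>:<line> thread <id>",
    "2024-10-15T12:30:10.100000Z 42 [ERROR] [MY-013183] [InnoDB] InnoDB: We intentionally generate a memory trap.",
    "12:30:10 UTC - mysqld got signal 6 ;",
    "Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.",
    "2024-10-15T12:30:25.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.39) starting as process 1150",
    "2024-10-15T12:30:26.000000Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.",
    "2024-10-15T12:30:30.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.39'  port: 3306",
]

if __name__ == "__main__":
    for ev in find_crash_restarts(SAMPLE_ERROR_LOG):
        print(f'{ev["restart_at"].isoformat()} crash-restart (signal={ev["signal_seen"]}, threads={ev["threads"]})')
        for msg in ev["innodb_errors"]:
            print("   ", msg)
```

The thread ids carried in each event are the pivot back to the general log or audit log to see which account's statements ran just before the assertion, which is the evidence needed to tell an authorised user triggering this bug apart from a hardware or storage fault.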

🔗 References
