CVE-2024-21201
📋 TL;DR
This vulnerability in MySQL Server's optimizer component allows authenticated high-privilege attackers to cause denial of service by crashing or hanging the database server. It affects MySQL versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. Attackers need network access and administrative database privileges to exploit this vulnerability.
💻 Affected Systems
- Oracle MySQL Server
📦 What is this software?
Mysql by Oracle
Mysql by Oracle
Mysql by Oracle
Mysql by Oracle
⚠️ Risk & Real-World Impact
Worst Case
Complete unavailability of MySQL database service, disrupting all applications dependent on it.
Likely Case
Service disruption requiring database restart, potentially causing application downtime and data inconsistency.
If Mitigated
Limited impact due to proper privilege separation and network segmentation preventing unauthorized access.
🎯 Exploit Status
CVSS indicates 'easily exploitable' but requires authenticated high-privilege access. No public exploit details available in advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 8.0.39, 8.4.2, and 9.0.1 (check specific patch versions in Oracle advisory)
Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html
Restart Required: Yes
Instructions:
1. Review Oracle October 2024 Critical Patch Update advisory. 2. Identify appropriate patch for your MySQL version. 3. Apply patch following Oracle's upgrade procedures. 4. Restart MySQL service to apply changes.
🔧 Temporary Workarounds
Restrict administrative access
allLimit database administrative privileges to only essential personnel and systems.
REVOKE ALL PRIVILEGES ON *.* FROM 'admin_user'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON specific_db.* TO 'limited_user'@'specific_host';
Network segmentation
linuxRestrict network access to MySQL ports (default 3306) to only trusted hosts.
iptables -A INPUT -p tcp --dport 3306 -s trusted_host -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
🧯 If You Can't Patch
- Implement strict database privilege management following principle of least privilege
- Monitor for unusual administrative database activity and failed connection attempts
🔍 How to Verify
Check if Vulnerable:
Check MySQL version: SELECT VERSION(); If version matches affected ranges (8.0.39 or earlier, 8.4.2 or earlier, 9.0.1 or earlier), system is vulnerable.Check Version:
mysql -u root -p -e 'SELECT VERSION();'Verify Fix Applied:
After patching, verify version is beyond affected ranges: SELECT VERSION(); and confirm no crashes occur during normal operation.📡 Detection & Monitoring
Log Indicators:
- Unexpected MySQL crashes or hangs in error logs
- Multiple failed connection attempts from unusual sources
- Administrative queries from unexpected sources
Network Indicators:
- Unusual traffic patterns to MySQL port 3306
- Multiple connection attempts from single source to administrative accounts
SIEM Query:
source="mysql_error.log" ("crash" OR "hang" OR "segmentation fault") OR source="mysql_general.log" user="root" OR user="admin"