CVE-2024-21203 – This vulnerability in Oracle MySQL Server's Ful... (How to Fix)

Q: What is the severity of CVE-2024-21203?

CVE-2024-21203 has a CVSS score of 4.9 (MEDIUM). This vulnerability in Oracle MySQL Server's Full-Text Search (FTS) component allows high-privileged attackers with network access to cause a denial of service by crashing or hanging the server. It affects MySQL Server versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. Attackers need administrative database privileges but can exploit it easily via multiple network protocols.

📋 TL;DR

This vulnerability in Oracle MySQL Server's Full-Text Search (FTS) component allows high-privileged attackers with network access to cause a denial of service by crashing or hanging the server. It affects MySQL Server versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. Attackers need administrative database privileges but can exploit it easily via multiple network protocols.

💻 Affected Systems

Products:

Oracle MySQL Server

Versions: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior

Operating Systems: All platforms running affected MySQL versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires FTS component to be enabled (default in most installations). Attackers need high database privileges (CREATE, ALTER, DROP, etc.).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MySQL Server leading to application downtime and service disruption.

🟠

Likely Case

Targeted DoS attacks against vulnerable MySQL instances by malicious insiders or compromised admin accounts.

🟢

If Mitigated

Limited impact if proper network segmentation and privilege controls prevent unauthorized admin access.

🌐 Internet-Facing: MEDIUM - While exploitable over network, requires high privileges making direct internet exploitation less likely unless misconfigured.

🏢 Internal Only: HIGH - Internal attackers with admin access or compromised admin accounts can easily cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Oracle describes as 'easily exploitable' but requires high privileges. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.40, 8.4.3, 9.0.2 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Download patched MySQL version from Oracle. 2. Backup databases. 3. Stop MySQL service. 4. Install update. 5. Restart MySQL service. 6. Verify version and functionality.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit high-privilege database accounts to trusted sources only

REVOKE ALL PRIVILEGES ON *.* FROM 'admin_user'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON specific_db.* TO 'admin_user'@'trusted_ip';

Network Segmentation

linux

Restrict MySQL port access to application servers only

iptables -A INPUT -p tcp --dport 3306 -s app_server_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

🧯 If You Can't Patch

Implement strict principle of least privilege for database accounts
Monitor for unusual admin account activity and failed connection attempts

🔍 How to Verify

Check if Vulnerable:

Run 'SELECT VERSION();' in MySQL and compare against affected versions

Check Version:

mysql --version OR SELECT VERSION();

Verify Fix Applied:

Check version is 8.0.40+, 8.4.3+, or 9.0.2+ and test FTS functionality

📡 Detection & Monitoring

Log Indicators:

Multiple connection attempts from unusual sources
Unexpected server crashes or restarts
FTS-related error messages in MySQL logs

Network Indicators:

Unusual traffic patterns to MySQL port 3306
Multiple rapid connections from single source

SIEM Query:

source="mysql.log" AND ("crash" OR "hang" OR "shutdown") AND NOT "normal"

📊 Metadata

CVE ID: CVE-2024-21203

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: October 15, 2024

Last Updated: November 3, 2025

🔗 References

https://www.oracle.com/security-alerts/cpuoct2024.html Patch,Vendor Advisory
https://security.netapp.com/advisory/ntap-20241025-0006/

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21203, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mysql by Oracle

Mysql by Oracle

Mysql by Oracle

Mysql by Oracle

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Admin Access

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities