CVE-2024-21238
📋 TL;DR
This vulnerability in MySQL Server's thread pooling component lets an authenticated, low-privileged attacker with network access cause a denial of service by crashing or hanging the server. It affects MySQL 8.0.39 and earlier, 8.4.1 and earlier, and 9.0.1 and earlier. Only low privileges are needed, but Oracle rates the attack complexity high, so exploitation is difficult. Confidentiality and integrity are not affected; the impact is availability only.
💻 Affected Systems
- Oracle MySQL Server
📦 What is this software?
MySQL by Oracle. The affected component is the server's thread pool, the plugin that multiplexes client connections over a fixed set of worker threads instead of giving every connection its own thread.
⚠️ Risk & Real-World Impact
Worst Case
Complete MySQL Server outage causing application downtime and service disruption until manual restart.
Likely Case
Repeated crashes or hangs, each needing a restart, causing periodic service interruptions. The attacker must already hold valid low-privileged credentials and be able to reach the server, which limits who can trigger it.
If Mitigated
Minimal impact with proper network segmentation and privilege restrictions limiting attack surface.
🎯 Exploit Status
Oracle describes this as 'difficult to exploit' requiring specific conditions. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: MySQL 8.0.40, 8.4.2, 9.0.2 or later
Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html
Restart Required: Yes
Instructions:
1. Obtain the patched release (8.0.40, 8.4.2 or 9.0.2, or later in the same series) from Oracle or from your distribution's package repository.
2. Back up databases and configuration.
3. Stop the MySQL service.
4. Install the updated version.
5. Start the MySQL service.
6. Verify functionality and confirm the running version with SELECT VERSION(); (it reports the running binary, so a stale value means the old process is still up).
🔧 Temporary Workarounds
Disable thread pooling
Fall back to the default one-thread-per-connection model so the affected component is not in use; expect different behaviour under high connection concurrency once the pool is gone.
Set thread_handling=one-thread-per-connection under [mysqld] in my.cnf/my.ini, and remove any plugin-load-add=thread_pool.so (thread_pool.dll on Windows) directive that loads the thread pool plugin. thread_handling is read only at startup, so the server must be restarted; afterwards confirm with SELECT @@thread_handling; and SHOW PLUGINS; (there should be no thread_pool row with Status ACTIVE).
Restrict network access
Limit MySQL network exposure to trusted hosts only. This narrows who can reach the port; it does not stop a client that already holds valid low-privileged credentials, which is all the attack requires.
Set bind-address to a specific IP under [mysqld] in my.cnf so the server listens only on that interface (restart required).
Use firewall rules to restrict access to the MySQL port (default 3306) to the application hosts that need it.
🧯 If You Can't Patch
- Implement strict network access controls to limit MySQL exposure to only required applications
- Apply least privilege to MySQL accounts and audit them regularly: the attack requires valid credentials, so remove unused accounts and restrict the host part of each account ('user'@'app-host' rather than 'user'@'%').
🔍 How to Verify
Check if Vulnerable:
Run SELECT VERSION(); and compare the leading x.y.z against the affected ranges (8.0.39 and earlier, 8.4.1 and earlier, 9.0.1 and earlier); ignore any distribution or build suffix such as -0ubuntu0.22.04.1 or -commercial. Because the affected component is the thread pool, also check whether that plugin is loaded: SHOW PLUGINS; (look for a thread_pool row with Status ACTIVE) and SELECT @@thread_handling;.
Check Version:
mysql -u root -p -e 'SELECT VERSION();'
Verify Fix Applied:
Confirm SELECT VERSION(); reports 8.0.40 or later on the 8.0 series, 8.4.2 or later on 8.4, or 9.0.2 or later on 9.0. Compare within the series (8.0.40 is fixed, 8.4.1 is not), and restart the server after installing the package, since VERSION() reports the running binary.
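The version comparison and the thread-pool check described under "Check if Vulnerable" and "Verify Fix Applied", made mechanical. This is an added shell example, not Oracle's or this page's own code: it assumes the stock mysql client options -N (no column names) and -s (silent, tab-separated output), the stock plugin name thread_pool, and the fixed releases the advisory lists; the SHOW PLUGINS rows it ships with are constructed, not captured from a real server.

```shell
# Added example, not Oracle's or this page's own code. It classifies a server for
# CVE-2024-21238 from two things the mysql client can return: the VERSION() string
# and the SHOW PLUGINS listing. Fixed releases per the advisory: 8.0.40, 8.4.2, 9.0.2.
# Plugin names/columns follow stock MySQL; the sample rows below are constructed.

# Prints fixed | vulnerable | unknown for a VERSION() string such as
# "8.0.39-0ubuntu0.22.04.1" or "8.4.1-commercial" (suffixes are ignored).
# Returns 0 for fixed, 1 for vulnerable, 2 when the series is not in the advisory.
cve_2024_21238_version() {
  ver=${1%%[!0-9.]*}        # keep the leading x.y.z, drop any build/distro suffix
  series=${ver%.*}          # x.y
  patch=${ver##*.}          # z
  case "$series" in
    8.0) fixed_patch=40 ;;
    8.4) fixed_patch=2 ;;
    9.0) fixed_patch=2 ;;
    *)   echo unknown; return 2 ;;   # e.g. 5.7 or 9.1: not named in the advisory
  esac
  case "$patch" in
    ''|*[!0-9]*) echo unknown; return 2 ;;
  esac
  if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; return 0; fi
  echo vulnerable; return 1
}

# Reads tab-separated SHOW PLUGINS rows on stdin (what `mysql -N -s -e 'SHOW PLUGINS'`
# emits: Name, Status, Type, Library, License) and prints yes if the thread_pool
# plugin is ACTIVE, otherwise no.
thread_pool_loaded() {
  tab=$(printf '\t')
  while IFS="$tab" read -r name status _rest; do
    if [ "$name" = thread_pool ] && [ "$status" = ACTIVE ]; then
      echo yes; return 0
    fi
  done
  echo no; return 1
}

# Combines both checks the way the workaround section reasons: an affected release
# is exposed only while the thread pool plugin is loaded.
# Prints patched | exposed | mitigated | unknown.
cve_2024_21238_exposure() {
  v=$(cve_2024_21238_version "$1") || true   # status codes are informational here
  p=$(thread_pool_loaded) || true
  case "$v/$p" in
    fixed/*)        echo patched ;;
    vulnerable/yes) echo exposed ;;
    vulnerable/no)  echo mitigated ;;
    *)              echo unknown ;;
  esac
}

# Constructed sample SHOW PLUGINS rows (not from a real server).
SAMPLE_PLUGINS=$(printf 'INNODB_TRX\tACTIVE\tINFORMATION SCHEMA\tNULL\tGPL\nthread_pool\tACTIVE\tDAEMON\tthread_pool.so\tPROPRIETARY')

# Stand-alone demo:
printf '%s\n' "$SAMPLE_PLUGINS" | cve_2024_21238_exposure '8.0.39-commercial'   # prints: exposed

# Against a live server (mysql client and credentials assumed):
#   mysql -N -s -e 'SHOW PLUGINS' | cve_2024_21238_exposure "$(mysql -N -s -e 'SELECT VERSION()')"
```

A "mitigated" result means the release is affected but the thread pool is not loaded, which is exactly the state the workaround above leaves you in; it is not a substitute for moving to a fixed release, and the check is only as good as the assumption that the plugin is the sole path to the affected code.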
📡 Detection & Monitoring
Log Indicators:
- Unexpected MySQL crashes or restarts
- Error logs showing thread pool failures
- Connection spikes followed by service interruption
Network Indicators:
- Multiple failed authentication attempts from a single source (the attack needs valid credentials, so brute-force attempts that precede a crash are worth correlating)
- Unusual traffic patterns to MySQL port
SIEM Query (Splunk-style; the severity field and source name depend on how your collector parses the error log, so the second form matches on the raw text MySQL 8.x writes):
source="mysql.log" ("crash" OR "restart" OR "thread pool") AND severity=ERROR
source="*mysql*error*" ("mysqld got signal" OR "starting as process" OR ("[ERROR]" AND "thread pool"))