Improper Resource Shutdown or Release

CVE-2024-20966

Medium

4.9/10

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). This vulnerability affects mysql-server package versions through 8.0.35, and 8.1.0 through 8.2.0. An easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Feb 17, 2024

Improper Resource Shutdown or Release

CVE-2024-20966

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS