openEuler 22.03 LTS SP2 update for mysql



Risk Medium
Patch available YES
Number of vulnerabilities 39
CVE-ID CVE-2023-6129
CVE-2024-20960
CVE-2024-20961
CVE-2024-20962
CVE-2024-20963
CVE-2024-20964
CVE-2024-20965
CVE-2024-20966
CVE-2024-20967
CVE-2024-20969
CVE-2024-20970
CVE-2024-20971
CVE-2024-20972
CVE-2024-20973
CVE-2024-20974
CVE-2024-20976
CVE-2024-20977
CVE-2024-20978
CVE-2024-20981
CVE-2024-20982
CVE-2024-20984
CVE-2024-20985
CVE-2024-20993
CVE-2024-20994
CVE-2024-20998
CVE-2024-21000
CVE-2024-21008
CVE-2024-21009
CVE-2024-21013
CVE-2024-21047
CVE-2024-21054
CVE-2024-21055
CVE-2024-21057
CVE-2024-21060
CVE-2024-21061
CVE-2024-21062
CVE-2024-21069
CVE-2024-21096
CVE-2024-21102
CWE-ID CWE-371
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

mysql-debugsource
Operating systems & Components / Operating system package or component

mysql-common
Operating systems & Components / Operating system package or component

mysql-help
Operating systems & Components / Operating system package or component

mysql-debuginfo
Operating systems & Components / Operating system package or component

mysql-test
Operating systems & Components / Operating system package or component

mysql-libs
Operating systems & Components / Operating system package or component

mysql-server
Operating systems & Components / Operating system package or component

mysql-config
Operating systems & Components / Operating system package or component

mysql-errmsg
Operating systems & Components / Operating system package or component

mysql-devel
Operating systems & Components / Operating system package or component

mysql
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 39 vulnerabilities.

1) State Issues

EUVDB-ID: #VU85170

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6129

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in POLY1305 MAC (message authentication code) implementation on PowerPC CPU based platforms if the CPU provides vector instructions. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU85483

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: RAPID component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU85478

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20961

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU85479

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU85484

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU85488

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU85489

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20965

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU85492

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU85487

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU85486

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20969

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU85493

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20970

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU85494

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU85495

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20972

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU85480

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20973

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU85496

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU85497

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20976

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU85482

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU85498

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20978

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU85490

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20981

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU85499

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU85500

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20984

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server : Security : Firewall component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU85485

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20985

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU88689

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20993

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU88676

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU88690

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20998

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU88699

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21000

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU88697

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21008

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU88691

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU88698

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21013

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU88678

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21047

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU88692

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21054

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU88693

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21055

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU88694

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21057

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU88687

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21060

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU88679

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21061

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Audit Plug-in component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU88695

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU88680

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21069

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU88696

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU88677

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21102

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP2

mysql-debugsource: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql-help: before 8.0.37-1

mysql-debuginfo: before 8.0.37-1

mysql-test: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-config: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql: before 8.0.37-1

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###