openEuler update for mysql



Risk: Medium
Patch available: YES
Number of vulnerabilities: 22
CVE-ID: CVE-2024-21185, CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197, CVE-2024-21198, CVE-2024-21199, CVE-2024-21201, CVE-2024-21203, CVE-2024-21207, CVE-2024-21212, CVE-2024-21213, CVE-2024-21218, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231, CVE-2024-21236, CVE-2024-21237, CVE-2024-21238, CVE-2024-21239, CVE-2024-21241, CVE-2024-21247
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:

openEuler (Operating systems & Components / Operating system)

The following are all in Operating systems & Components / Operating system package or component:

mysql-test

mysql-server

mysql-libs

mysql-help

mysql-errmsg

mysql-devel

mysql-debugsource

mysql-debuginfo

mysql-config

mysql-common

mysql

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU94576

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21185

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU98667

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21193

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU98656

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21194

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU98652

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21196

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: X Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU98663

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21197

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU98661

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21198

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU98657

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21199

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU98665

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21201

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU98655

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21203

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU98658

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21207

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU98669

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21212

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Health Monitor component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU98670

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21213

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU98654

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU98662

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21219

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU98650

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU98672

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21231

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Client programs component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU98659

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21236

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU98674

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21237

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Group Replication GCS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU98653

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21238

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU98660

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21239

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU98666

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21241

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU98671

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21247

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.40-1

mysql-server: before 8.0.40-1

mysql-libs: before 8.0.40-1

mysql-help: before 8.0.40-1

mysql-errmsg: before 8.0.40-1

mysql-devel: before 8.0.40-1

mysql-debugsource: before 8.0.40-1

mysql-debuginfo: before 8.0.40-1

mysql-config: before 8.0.40-1

mysql-common: before 8.0.40-1

mysql: before 8.0.40-1

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2287


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


