CVE-2024-21096

EUVD-2024-18810
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump).  Supported versions that are affected are 8.0.36 and prior and  8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Server accessible data as well as  unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
oraclemysql
8.0.0 ≤
𝑥
≤ 8.0.36
oraclemysql
8.1.0 ≤
𝑥
≤ 8.3.0
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netapponcommand_insight
-
netapponcommand_workflow_automation
-
netappsnapcenter
-
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mariadb
bookworm
1:10.11.14-0+deb12u2
fixed
bullseye
no-dsa
forky
1:11.8.5-3
fixed
sid
1:11.8.5-3
fixed
trixie
1:11.8.3-0+deb13u1
fixed
mariadb-10.5
bullseye
vulnerable
bullseye (security)
1:10.5.29-0+deb11u1
fixed
mysql-8.0
bullseye
no-dsa
sid
8.0.44-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-5.5
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
ignored
mysql-5.7
bionic
needs-triage
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
ignored
mariadb
focal
dne
jammy
dne
mantic
Fixed 1:10.11.8-0ubuntu0.23.10.1
released
noble
Fixed 1:10.11.8-0ubuntu0.24.04.1
released
oracular
ignored
plucky
needed
questing
needed
mariadb-10.0
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
mariadb-10.1
bionic
needs-triage
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
mariadb-10.3
focal
needs-triage
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
mariadb-10.6
focal
dne
jammy
Fixed 1:10.6.18-0ubuntu0.22.04.1
released
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
percona-xtradb-cluster-5.6
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
percona-server-5.6
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
mysql-8.0
focal
Fixed 8.0.37-0ubuntu0.20.04.3
released
jammy
Fixed 8.0.37-0ubuntu0.22.04.3
released
mantic
Fixed 8.0.37-0ubuntu0.23.10.2
released
noble
Fixed 8.0.37-0ubuntu0.24.04.1
released
oracular
not-affected
plucky
dne
questing
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libmariadbd-devel
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
libmariadbd19
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
mariadb
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
mariadb-client
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
mariadb-errormessages
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
mariadb-tools
suse enterprise sap 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise sap 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise sap 15 SP7
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP3
10.5.26-150300.3.46.1
fixed
suse enterprise server 15 SP4
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP5
10.6.18-150400.3.33.1
fixed
suse enterprise server 15 SP6
10.11.8-150600.4.3.1
fixed
suse enterprise server 15 SP7
10.11.8-150600.4.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
galera
RHEL 9
0:26.4.20-1.el9_5
fixed
mariadb
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-backup
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-common
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-devel
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-embedded
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-embedded-devel
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-errmsg
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-gssapi-server
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-oqgraph-engine
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-pam
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server-galera
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-server-utils
RHEL 9
3:10.5.27-1.el9_5
fixed
mariadb-test
RHEL 9
3:10.5.27-1.el9_5
fixed
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/
https://security.netapp.com/advisory/ntap-20240426-0013/
https://www.oracle.com/security-alerts/cpuapr2024.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/
https://security.netapp.com/advisory/ntap-20240426-0013/
https://www.oracle.com/security-alerts/cpuapr2024.html