GoogleOSV:ALSA-2024:1141Moderate: mysql security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
73.9%
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
- mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)
- mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)
- mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
- mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)
- mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
- mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
- mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
- mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
- mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
- mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
- mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
- zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
Bug Fix(es):
- Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
access.redhat.com/errata/RHSA-2024:1141
access.redhat.com/security/cve/CVE-2022-4899
access.redhat.com/security/cve/CVE-2023-21911
access.redhat.com/security/cve/CVE-2023-21919
access.redhat.com/security/cve/CVE-2023-21920
access.redhat.com/security/cve/CVE-2023-21929
access.redhat.com/security/cve/CVE-2023-21933
access.redhat.com/security/cve/CVE-2023-21935
access.redhat.com/security/cve/CVE-2023-21940
access.redhat.com/security/cve/CVE-2023-21945
access.redhat.com/security/cve/CVE-2023-21946
access.redhat.com/security/cve/CVE-2023-21947
access.redhat.com/security/cve/CVE-2023-21953
access.redhat.com/security/cve/CVE-2023-21955
access.redhat.com/security/cve/CVE-2023-21962
access.redhat.com/security/cve/CVE-2023-21966
access.redhat.com/security/cve/CVE-2023-21972
access.redhat.com/security/cve/CVE-2023-21976
access.redhat.com/security/cve/CVE-2023-21977
access.redhat.com/security/cve/CVE-2023-21980
access.redhat.com/security/cve/CVE-2023-21982
access.redhat.com/security/cve/CVE-2023-22005
access.redhat.com/security/cve/CVE-2023-22007
access.redhat.com/security/cve/CVE-2023-22008
access.redhat.com/security/cve/CVE-2023-22032
access.redhat.com/security/cve/CVE-2023-22033
access.redhat.com/security/cve/CVE-2023-22038
access.redhat.com/security/cve/CVE-2023-22046
access.redhat.com/security/cve/CVE-2023-22048
access.redhat.com/security/cve/CVE-2023-22053
access.redhat.com/security/cve/CVE-2023-22054
access.redhat.com/security/cve/CVE-2023-22056
access.redhat.com/security/cve/CVE-2023-22057
access.redhat.com/security/cve/CVE-2023-22058
access.redhat.com/security/cve/CVE-2023-22059
access.redhat.com/security/cve/CVE-2023-22064
access.redhat.com/security/cve/CVE-2023-22065
access.redhat.com/security/cve/CVE-2023-22066
access.redhat.com/security/cve/CVE-2023-22068
access.redhat.com/security/cve/CVE-2023-22070
access.redhat.com/security/cve/CVE-2023-22078
access.redhat.com/security/cve/CVE-2023-22079
access.redhat.com/security/cve/CVE-2023-22084
access.redhat.com/security/cve/CVE-2023-22092
access.redhat.com/security/cve/CVE-2023-22097
access.redhat.com/security/cve/CVE-2023-22103
access.redhat.com/security/cve/CVE-2023-22104
access.redhat.com/security/cve/CVE-2023-22110
access.redhat.com/security/cve/CVE-2023-22111
access.redhat.com/security/cve/CVE-2023-22112
access.redhat.com/security/cve/CVE-2023-22113
access.redhat.com/security/cve/CVE-2023-22114
access.redhat.com/security/cve/CVE-2023-22115
access.redhat.com/security/cve/CVE-2024-20960
access.redhat.com/security/cve/CVE-2024-20961
access.redhat.com/security/cve/CVE-2024-20962
access.redhat.com/security/cve/CVE-2024-20963
access.redhat.com/security/cve/CVE-2024-20964
access.redhat.com/security/cve/CVE-2024-20965
access.redhat.com/security/cve/CVE-2024-20966
access.redhat.com/security/cve/CVE-2024-20967
access.redhat.com/security/cve/CVE-2024-20968
access.redhat.com/security/cve/CVE-2024-20969
access.redhat.com/security/cve/CVE-2024-20970
access.redhat.com/security/cve/CVE-2024-20971
access.redhat.com/security/cve/CVE-2024-20972
access.redhat.com/security/cve/CVE-2024-20973
access.redhat.com/security/cve/CVE-2024-20974
access.redhat.com/security/cve/CVE-2024-20976
access.redhat.com/security/cve/CVE-2024-20977
access.redhat.com/security/cve/CVE-2024-20978
access.redhat.com/security/cve/CVE-2024-20981
access.redhat.com/security/cve/CVE-2024-20982
access.redhat.com/security/cve/CVE-2024-20983
access.redhat.com/security/cve/CVE-2024-20984
access.redhat.com/security/cve/CVE-2024-20985
bugzilla.redhat.com/2179864
bugzilla.redhat.com/2188109
bugzilla.redhat.com/2188113
bugzilla.redhat.com/2188115
bugzilla.redhat.com/2188116
bugzilla.redhat.com/2188117
bugzilla.redhat.com/2188118
bugzilla.redhat.com/2188119
bugzilla.redhat.com/2188120
bugzilla.redhat.com/2188121
bugzilla.redhat.com/2188122
bugzilla.redhat.com/2188123
bugzilla.redhat.com/2188124
bugzilla.redhat.com/2188125
bugzilla.redhat.com/2188127
bugzilla.redhat.com/2188128
bugzilla.redhat.com/2188129
bugzilla.redhat.com/2188130
bugzilla.redhat.com/2188131
bugzilla.redhat.com/2188132
bugzilla.redhat.com/2224211
bugzilla.redhat.com/2224212
bugzilla.redhat.com/2224213
bugzilla.redhat.com/2224214
bugzilla.redhat.com/2224215
bugzilla.redhat.com/2224216
bugzilla.redhat.com/2224217
bugzilla.redhat.com/2224218
bugzilla.redhat.com/2224219
bugzilla.redhat.com/2224220
bugzilla.redhat.com/2224221
bugzilla.redhat.com/2224222
bugzilla.redhat.com/2245014
bugzilla.redhat.com/2245015
bugzilla.redhat.com/2245016
bugzilla.redhat.com/2245017
bugzilla.redhat.com/2245018
bugzilla.redhat.com/2245019
bugzilla.redhat.com/2245020
bugzilla.redhat.com/2245021
bugzilla.redhat.com/2245022
bugzilla.redhat.com/2245023
bugzilla.redhat.com/2245024
bugzilla.redhat.com/2245026
bugzilla.redhat.com/2245027
bugzilla.redhat.com/2245028
bugzilla.redhat.com/2245029
bugzilla.redhat.com/2245030
bugzilla.redhat.com/2245031
bugzilla.redhat.com/2245032
bugzilla.redhat.com/2245033
bugzilla.redhat.com/2245034
bugzilla.redhat.com/2258771
bugzilla.redhat.com/2258772
bugzilla.redhat.com/2258773
bugzilla.redhat.com/2258774
bugzilla.redhat.com/2258775
bugzilla.redhat.com/2258776
bugzilla.redhat.com/2258777
bugzilla.redhat.com/2258778
bugzilla.redhat.com/2258779
bugzilla.redhat.com/2258780
bugzilla.redhat.com/2258781
bugzilla.redhat.com/2258782
bugzilla.redhat.com/2258783
bugzilla.redhat.com/2258784
bugzilla.redhat.com/2258785
bugzilla.redhat.com/2258787
bugzilla.redhat.com/2258788
bugzilla.redhat.com/2258789
bugzilla.redhat.com/2258790
bugzilla.redhat.com/2258791
bugzilla.redhat.com/2258792
bugzilla.redhat.com/2258793
bugzilla.redhat.com/2258794
errata.almalinux.org/9/ALSA-2024-1141.html
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
73.9%