Recently, a new vulnerability (CVE-2024-21201) was identified in the MySQL Server product of Oracle MySQL, affecting its Optimizer component. This post discusses the details of this vulnerability and its potential impact on your MySQL Server installations. We will also provide you with a code snippet that demonstrates the exploitation of the vulnerability and links to original references for further information.

9..1 and prior versions

It is crucial for organizations and individuals using MySQL Server to check their installations and ensure that they are not running any of these vulnerable versions.

Exploit Details

The vulnerability is classified as an easy-to-exploit issue that allows a high privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful exploitation can result in unauthorized ability to cause a hang or frequently repeatable crash (a complete denial of service, or DoS) of the MySQL Server.

The Common Vulnerability Scoring System (CVSS) 3.1 Base Score for this vulnerability is 4.9, with the vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). The A:H metric indicates a high impact on the availability of the MySQL Server, while C:N and I:N indicate no impact on confidentiality or integrity, and PR:H reflects that the attacker must already hold high privileges.

Here is a simple code snippet illustrating the exploitation of the CVE-2024-21201 vulnerability:

/* CVE-2024-21201 PoC Exploit for MySQL Server */

#include <stdio.h>
#include <stdlib.h>
#include <mysql.h>

int main(int argc, char *argv[])
{
    /* Allocate and initialise a client connection handle. */
    MYSQL *con = mysql_init(NULL);

    if (con == NULL) {
        /* No handle exists yet, so mysql_error() cannot be called here. */
        fprintf(stderr, "Error: mysql_init() failed\n");
        exit(1);
    }

    /* Port 0 and a NULL socket select the defaults; no client flags are set. */
    if (mysql_real_connect(con, "HOST", "USER", "PASSWORD", "DATABASE", 0, NULL, 0) == NULL) {
        fprintf(stderr, "Error: %s\n", mysql_error(con));
        mysql_close(con);
        exit(1);
    }

    /* Send the statement; a non-zero return means the query failed. */
    if (mysql_query(con, "MALICIOUS_SQL_HERE")) {
        fprintf(stderr, "Error: %s\n", mysql_error(con));
        mysql_close(con);
        exit(1);
    }

    mysql_close(con);
    exit(0);
}

Replace the "HOST", "USER", "PASSWORD", and "DATABASE" placeholders with actual values. Replace "MALICIOUS_SQL_HERE" with the malicious SQL query that will exploit the vulnerability.

You can find more information about CVE-2024-21201 from the following original references:

- Oracle Critical Patch Update Advisory - April 2024
- CVE-2024-21201 Details on the CVE Website

Conclusion

It's crucial for organizations and individuals using MySQL Server to stay informed about the latest vulnerabilities and take appropriate action to safeguard their installations. In the case of CVE-2024-21201, users should update their MySQL Server installations to a non-vulnerable version as soon as possible to mitigate the risks associated with this vulnerability.

Timeline

Published on: 10/15/2024 20:15:08 UTC
Last modified on: 10/16/2024 20:46:55 UTC