CVE-2024-20967 is a medium-severity vulnerability in Oracle's MySQL Server, disclosed in the January 2024 Critical Patch Update (CPU). It is an easily exploitable replication bug: a high-privileged account with network access can use it to crash or hang mysqld and, in some cases, to make unauthorized updates, inserts, or deletes on accessible data. The flaw affects multiple MySQL release lines and was patched in the January 16, 2024 CPU. Administrators should prioritize patching exposed instances that permit privileged network connections.