The version of MySQL running on the remote host is 8.0.x prior to 8.0.26. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the July 2021 Critical Patch Update advisory:

  - curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being   used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate   circumstances to potentially reach remote code execution in the client. (CVE-2021-22901)

  - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting   applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.)   (CVE-2019-17543)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected   are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with   network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result   in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
  (CVE-2021-2372)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

MySQL 8.0.x < 8.0.26 Multiple Vulnerabilities (Jul 2021 CPU)

high Nessus Plugin ID 151968

Version 1.11

Version 1.10

Version 1.9

Version 1.11 Dec 7, 2023, 3:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312071525
Version 1.10 Nov 2, 2023, 4:31 AM IAVM reference Plugin Feed: 202311020431
Version 1.9 Dec 6, 2022, 6:53 AM Reference Plugin Feed: 202212060653