Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts).

This issue requires that the attacker has logon access to the infrastructure hosting mariadb. The fix for this CVE is also a breaking change for MariaDB and MySQL clients older than version 10.5.25. Considering the tradeoff between the stability of Amazon Linux and the impact and complexity of fixing CVE-2024-21096 will not be provided for mariadb-5.5 in Amazon Linux 2 at this time. If a fix for this CVE is critical to your work, we suggest using mariadb-10.5 in Amazon Linux 2 Extras, which has the fix for CVE-2024-21096.