PT-2021-1796 · Oracle+6 · Mysql Server+5

Published

2020-11-13

Updated

2022-01-04

CVE-2021-2042

CVSS v3.1

2.3

Low

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.21 and prior

Description: The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a high-privileged attacker with logon to the infrastructure where MySQL Server executes to compromise the server. Successful attacks can result in unauthorized read access to a subset of MySQL Server accessible data. The vulnerability can also cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Recommendations: For versions 8.0.21 and prior, update to a version later than 8.0.21 to resolve the issue. As a temporary workaround, consider restricting access to the InnoDB component to minimize the risk of exploitation. Additionally, ensure that only necessary privileges are granted to users to reduce the potential impact of the vulnerability.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:3590

ALT-PU-2020-3284

ALT-PU-2021-2380

ALT-PU-2021-3668

BDU:2021-00517

CESA-2021_3590

CVE-2021-2042

OESA-2021-1088

RHSA-2021:3590

RHSA-2021:3811

RHSA-2021_3590

RLSA-2021:3590

Affected Products

Alt Linux

Almalinux

Centos

Mysql Server

Red Hat

Rocky Linux

PT-2021-1796 · Oracle+6 · Mysql Server+5

CVE-2021-2042

Weakness Enumeration

Related Identifiers

Affected Products

References · 327