CVE-2021-35604 in MySQL Server
Summary
by MITRE • 10/20/2021
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 12/12/2024
The vulnerability identified as CVE-2021-35604 represents a critical flaw within Oracle MySQL Server's InnoDB storage engine component that affects multiple version ranges including 5.7.35 and earlier, as well as 8.0.26 and prior versions. This vulnerability falls under the Common Weakness Enumeration category CWE-121, which deals with stack-based buffer overflow conditions, and specifically manifests as a privilege escalation issue within database management systems. The flaw enables attackers with high privileges and network access to exploit the system through various protocols, making it particularly dangerous in environments where administrative access might be compromised or where network boundaries are not properly secured.
The technical nature of this vulnerability stems from improper handling of certain database operations within the InnoDB storage engine that can lead to memory corruption conditions. When exploited, the vulnerability allows attackers to manipulate database server processes in ways that can result in complete denial of service through system hangs or repeated crashes, while simultaneously providing unauthorized access to modify database contents. The CVSS score of 5.5 indicates a moderate to high severity impact with specific emphasis on integrity and availability concerns, as the vulnerability can enable unauthorized data modification and complete system disruption. The attack vector requires network access and high privileges, suggesting that this vulnerability is most dangerous in environments where administrative accounts are not properly secured or where privilege escalation has already occurred.
From an operational impact perspective, this vulnerability poses significant risks to database availability and data integrity within MySQL environments. The ability to cause complete denial of service means that database operations can be disrupted entirely, potentially affecting business-critical applications that depend on database availability. Additionally, the unauthorized update, insert, or delete capabilities create serious data integrity concerns where attackers could modify or corrupt database contents without detection. Organizations running affected MySQL versions face potential data loss, service disruption, and compliance violations that could result in financial and reputational damage. The vulnerability's exploitability factor of low complexity combined with its high privilege requirement means that it is particularly dangerous in scenarios where attackers have already gained administrative access to database systems.
Organizations should immediately implement mitigation strategies including applying the relevant Oracle security patches and updates as soon as they become available, which typically address the underlying memory handling issues within the InnoDB component. Network segmentation and access control measures should be reinforced to limit exposure of database systems to untrusted networks and to ensure that administrative privileges are properly restricted and monitored. Regular security audits and privilege reviews should be conducted to identify and remediate potential escalation paths that could lead to exploitation of this vulnerability. Additionally, implementing database activity monitoring and logging mechanisms can help detect unauthorized modifications to database contents that might indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1078 for valid accounts and T1499 for endpoint denial of service, making it a significant concern for organizations following the MITRE ATT&CK framework for threat analysis and defense planning.