CVE-2021-35608 in MySQL Server

Summary

by MITRE • 10/20/2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 05/17/2025

The vulnerability identified as CVE-2021-35608 resides in the Group Replication Plugin component of MySQL Server and affects versions 8.0.26 and earlier. It is a denial-of-service issue, not a code-execution one: an attacker with low privileges and network access through multiple protocols can cause the server to hang or crash repeatedly. Oracle rates it as difficult to exploit, so the attack requires some technical expertise, but the impact on availability makes it a concern for database environments that rely heavily on group replication. The affected plugin is the component that keeps data consistent across multiple MySQL servers in a replicated topology, so distributed database systems are the deployments most exposed to this flaw.

The technical nature of this vulnerability stems from improper handling of certain operations within the Group Replication Plugin that can lead to memory-safety errors (the flaw is classified as CWE-125, an out-of-bounds read) or resource exhaustion. When exploited, it allows an attacker to cause repeated crashes or hangs that amount to a complete denial of service for the MySQL Server instance. The CVSS score of 5.3 reflects medium severity, with availability the only impacted property; confidentiality and integrity are not affected. The attack vector requires network access with low privileges, meaning that even users with minimal database permissions could potentially leverage this vulnerability to disrupt services. Because the weakness is reachable at the protocol level, it is accessible through the several communication channels that MySQL typically supports, which widens the attack surface.

The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise entire database infrastructures that depend on group replication for high availability and data consistency. Organizations running MySQL Server versions prior to 8.0.27 face significant risk of service interruptions that could affect critical business applications relying on database availability. The repeated crash capability means that even a single successful exploitation attempt could lead to sustained service degradation, requiring manual intervention to restore normal operations. This vulnerability particularly affects enterprise environments where database uptime is critical, as group replication is commonly implemented in production systems to ensure data availability and disaster recovery capabilities. The potential for complete DOS conditions makes this a serious concern for database administrators who must maintain system reliability and service level agreements.

Mitigation for CVE-2021-35608 primarily means patching affected MySQL Server installations to version 8.0.27 or later, which contains the fix for the group replication plugin. Organizations should prioritize this update as a critical security measure, particularly in production environments where group replication is actively used. Network segmentation and access controls should limit exposure of MySQL servers to untrusted networks, reducing the opportunity for exploitation attempts. Monitoring should be tuned to detect unusual patterns of service disruption or repeated crash and restart events that might indicate exploitation of this vulnerability. Database administrators should also review and restrict user privileges to minimize the impact of any successful exploitation, since the vulnerability requires only low privileges to trigger. The vulnerability aligns with CWE-125, which addresses out-of-bounds read conditions, and may relate to ATT&CK techniques involving privilege escalation and denial of service operations, making it a critical concern for organizations implementing comprehensive security frameworks.
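The two mitigation steps above that lend themselves to automation are the version/plugin triage (is this server in the 8.0.26-and-prior range with group replication loaded?) and the crash-loop detection on the server error log. The following script is an added example, not VulDB's or Oracle's code; the function names, the sample `SHOW PLUGINS` rows and the sample error-log lines are all constructed for illustration. It assumes the MySQL 8.0 error-log line shape (`timestamp thread [level] [MY-code] [subsystem] message`) and that a startup line contains the text `starting as process`; the message codes in the sample lines are placeholders.

```python
import re
from datetime import datetime, timedelta

# Fixed release named by the advisory: 8.0.27 closes CVE-2021-35608.
FIXED_VERSION = (8, 0, 27)


def parse_version(version_string):
    """Reduce a MySQL VERSION() string such as '8.0.26-0ubuntu0.20.04.3'
    to a (major, minor, patch) tuple; distribution suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def triage(version_string, plugin_rows):
    """Classify one server. plugin_rows is a list of (Name, Status) pairs as
    returned by SHOW PLUGINS. The advisory only lists the 8.0 line as affected,
    so other lines are reported as not vulnerable. 'exposed' is True only when
    the build is in range AND the group replication plugin is actually loaded."""
    version = parse_version(version_string)
    vulnerable_version = version[:2] == (8, 0) and version < FIXED_VERSION
    gr_active = any(
        name.lower() == "group_replication" and status.upper() == "ACTIVE"
        for name, status in plugin_rows
    )
    return {
        "version": version,
        "vulnerable_version": vulnerable_version,
        "group_replication_active": gr_active,
        "exposed": vulnerable_version and gr_active,
    }


# MySQL 8.0 error-log line shape (assumption for this example).
LOG_LINE = re.compile(
    r"^(?P<ts>\S+Z) \d+ \[(?P<level>\w+)\] \[(?P<code>MY-\d+)\] "
    r"\[(?P<sub>\w+)\] (?P<msg>.*)$"
)


def restart_bursts(log_lines, window=timedelta(minutes=10), threshold=3):
    """Return the timestamps of every server start that completes a burst of
    at least `threshold` starts inside `window`. A single restart is normal
    maintenance; a burst is the 'frequently repeatable crash' pattern the
    advisory describes and is worth an alert."""
    starts = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and "starting as process" in m.group("msg"):
            starts.append(datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%fZ"))
    alerts = []
    for i, t in enumerate(starts):
        recent = [s for s in starts[: i + 1] if t - s <= window]
        if len(recent) >= threshold:
            alerts.append(t)
    return alerts


# Constructed sample data: three starts within six minutes, then a lone start.
SAMPLE_PLUGINS = [("INNODB_TRX", "ACTIVE"), ("group_replication", "ACTIVE")]
SAMPLE_ERROR_LOG = [
    "2021-10-21T08:00:01.000000Z 0 [System] [MY-000000] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1201",
    "2021-10-21T08:00:02.000000Z 0 [System] [MY-000000] [Server] /usr/sbin/mysqld: ready for connections.",
    "2021-10-21T08:03:12.000000Z 0 [System] [MY-000000] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1240",
    "2021-10-21T08:05:40.000000Z 12 [ERROR] [MY-000000] [Repl] Plugin group_replication reported: 'constructed error text'",
    "this line is not in the expected format and is skipped",
    "2021-10-21T08:06:05.000000Z 0 [System] [MY-000000] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1288",
    "2021-10-21T09:30:00.000000Z 0 [System] [MY-000000] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1402",
]

if __name__ == "__main__":
    print(triage("8.0.26-0ubuntu0.20.04.3", SAMPLE_PLUGINS))
    for when in restart_bursts(SAMPLE_ERROR_LOG):
        print(f"restart burst detected at {when.isoformat()}")
```

Feed `triage()` the output of `SELECT VERSION()` and `SHOW PLUGINS` from each server in the replication group; the `exposed` flag separates hosts that merely need the upgrade from hosts that should be prioritised. `restart_bursts()` is deliberately conservative (three starts in ten minutes) so that a planned restart does not page anyone; tune the window and threshold to your environment's normal restart cadence.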

Responsible

Oracle

Reservation

06/28/2021

Disclosure

10/20/2021

Moderation

accepted

CPE

ready

EPSS

0.02126

KEV

no

Activities

very low

Sources
