CVE-2021-35633 in MySQL Server
Summary
by MITRE • 10/20/2021
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2021-35633 represents a significant security flaw within Oracle MySQL Server's logging component that affects versions 8.0.26 and earlier. This issue resides within the Server: Logging subsystem, which is critical for maintaining database integrity and operational transparency. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this weakness to compromise the MySQL server instance. The attack vector operates through multiple protocols, making the threat surface broader and more accessible to potential adversaries. The CVSS 3.1 scoring system assigns a base score of 2.7, reflecting the availability impact category with a low attack complexity and high privilege requirements. This vulnerability demonstrates the inherent risk in database logging mechanisms where improper access controls can lead to service disruption.
The technical implementation of this vulnerability stems from inadequate privilege controls within the MySQL server's logging infrastructure. When high-privileged attackers gain network access to the system, they can manipulate logging processes to create partial denial of service conditions. This specific weakness allows attackers to compromise the server's availability without necessarily gaining full system control or accessing sensitive data. The partial denial of service impact means that while the server remains operational, its ability to process legitimate requests may be impaired, potentially affecting business operations and data accessibility. The vulnerability's exploitation requires an attacker to already possess high privileges, suggesting that the issue may stem from insufficient access control validation during logging operations rather than fundamental architectural flaws. This characteristic places the vulnerability in the context of privilege escalation and access control failures that are commonly associated with CWE-284 (Improper Access Control) and CWE-310 (Cryptographic Issues).
The operational impact of CVE-2021-35633 extends beyond simple service interruption, as database availability is fundamental to most enterprise applications. Organizations relying on MySQL for critical data operations may experience reduced system reliability and potential business disruption when this vulnerability is exploited. The partial denial of service condition can manifest through various logging-related disruptions including log file corruption, excessive resource consumption during logging operations, or manipulation of logging configurations that affect server responsiveness. The vulnerability's presence in the logging component is particularly concerning because logging systems are often considered trusted components that should not be easily compromised by privileged users. This weakness can potentially be leveraged as part of broader attack strategies where attackers use the logging subsystem as a foothold for further exploitation or to obscure their activities within the system. The attack's requirement for high privileges suggests that the vulnerability may be more relevant in environments where privilege separation is not properly enforced or where administrative accounts are compromised.
Organizations should prioritize immediate patching of affected MySQL Server installations to address this vulnerability, as the CVSS score indicates a moderate risk level that can escalate based on the specific operational environment. The mitigation strategy should include implementing proper privilege management protocols to limit access to high-privilege accounts and monitoring logging activities for suspicious manipulation patterns. Security teams should also consider implementing network segmentation and access controls to reduce the attack surface available to privileged users. The vulnerability's classification under the ATT&CK framework would likely align with techniques involving privilege escalation and defense evasion, where attackers manipulate system components to maintain access or disrupt services. Regular security assessments should focus on logging configurations and access controls to prevent exploitation of similar weaknesses in database systems. Additionally, organizations should implement comprehensive monitoring solutions that can detect unusual logging behavior or unauthorized configuration changes that might indicate exploitation attempts. The remediation process should also include reviewing and updating access control policies to ensure that the principle of least privilege is maintained across all database administrative functions.