CVE-2021-35643 in MySQL Server

Summary

by MITRE • 10/20/2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 05/17/2025

CVE-2021-35643 is a critical availability issue in the optimizer component of Oracle MySQL Server, affecting versions 8.0.26 and earlier. The flaw lies in the server's query optimization logic, which builds and executes plans for complex database operations; the optimizer sits at the core of the database engine, handling the SQL queries that underpin all database activity. The affected version range indicates the issue was present in the 8.0.x series before the 8.0.27 release, suggesting a regression or oversight in the optimization code for certain query execution paths.

Technically, the vulnerability stems from improper handling of specific query patterns in the optimizer's execution flow, which can lead to buffer overflows or memory corruption. When certain complex SQL operations are processed by an affected server, the optimizer's internal state management is compromised, and the server process may become unresponsive or terminate abruptly. Exploitation requires an attacker with high privileges and network access, which typically means the attacker already holds administrative or root-level access to the database system or its network environment. This matches the CVSS vector's high privilege requirement (PR:H): an attacker must already have privileged access to the database server to trigger the issue.

Operationally, the vulnerability results in a complete denial of service: the MySQL server either hangs indefinitely or crashes repeatedly, preventing normal database operations. This availability impact undermines database reliability and can cause significant business disruption wherever critical applications depend on database connectivity, which makes the issue especially dangerous in production environments where uptime is essential. An attacker who already holds the required privileges can repeatedly crash the server, creating a persistent outage that requires manual intervention to restore service.

From a cybersecurity perspective, this vulnerability maps to CWE-121 (stack-based buffer overflow) and potentially CWE-125 (out-of-bounds read). The attack pattern aligns with the MITRE ATT&CK sub-technique T1499.004 (Endpoint Denial of Service: Application or System Exploitation). Organizations should prioritize patching affected MySQL Server installations, as the CVSS score of 4.9 indicates a moderate to high severity impact. The recommended mitigation is to upgrade to MySQL Server 8.0.27 or later, which contains the fixes that prevent the optimizer from entering the vulnerable state during query processing. In addition, network segmentation and access controls reduce the attack surface by restricting which networks can reach privileged database accounts, lowering the likelihood of exploitation through unauthorized network access.
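The mitigation above hinges on one concrete check: whether a running server is in the affected range (8.0.26 and prior in the 8.0 series) or already at 8.0.27 or later. The following Python helper, added here as an example and not part of the VulDB record or of any Oracle tooling, parses the strings MySQL returns from `VERSION()` (distribution builds append suffixes such as `-0ubuntu0.20.04.1` or `-log`) and classifies them against the range stated on this page. The sample inventory is constructed; the assumption that only the 8.0 series is in scope follows from the affected-version statement above, and other series are reported as not in scope rather than as affected.

```python
import re
from typing import Dict, List, Optional, Tuple

# First unaffected 8.0 release, taken from the advisory text on this page.
FIXED_8_0_PATCH = 27


def parse_mysql_version(version_string: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a MySQL VERSION() string.

    Distribution and custom builds append suffixes ("-0ubuntu0.20.04.1",
    "-log", "-cluster"); only the leading numeric triple matters here.
    Returns None when no such triple is present.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected_by_cve_2021_35643(version_string: str) -> Optional[bool]:
    """Classify a VERSION() string against the range stated in this record.

    True  -> 8.0.x with x < 27 (8.0.26 and prior): affected
    False -> 8.0.27 or later, or a series other than 8.0 (assumption: the
             advisory names only the 8.0 series, so others are out of scope)
    None  -> unparseable string; caller should inspect by hand
    """
    parsed = parse_mysql_version(version_string)
    if parsed is None:
        return None
    major, minor, patch = parsed
    if (major, minor) != (8, 0):
        return False
    return patch < FIXED_8_0_PATCH


def triage(version_strings: List[str]) -> Dict[str, Optional[bool]]:
    """Classify a batch of VERSION() outputs, e.g. from an inventory export."""
    return {v: is_affected_by_cve_2021_35643(v) for v in version_strings}


# Constructed sample inventory (placeholder values, not real hosts).
SAMPLE_INVENTORY = [
    "8.0.26-0ubuntu0.20.04.1",  # affected, vendor-suffixed build
    "8.0.27",                   # first fixed release
    "8.0.19-log",               # affected, older 8.0 build
    "5.7.35",                   # different series, out of scope here
    "not-a-version",            # unparseable, needs manual review
]

if __name__ == "__main__":
    labels = {True: "AFFECTED - upgrade to 8.0.27 or later",
              False: "not affected",
              None: "unparseable - check manually"}
    for version, status in triage(SAMPLE_INVENTORY).items():
        print(f"{version:28s} {labels[status]}")
```

Feed it the output of `SELECT VERSION();` from each server (or an inventory export) and treat every `True` as a patch ticket; a `None` result means the version string did not start with a numeric triple and should be checked by hand rather than silently ignored.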

Responsible

Oracle

Reservation

06/28/2021

Disclosure

10/20/2021

Moderation

accepted

CPE

ready

EPSS

0.01935

KEV

no

Activities

very low
