CVE-2021-2021 — Use After Free in Oracle Mysql

CWE-416 — Use After Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835 — Infinite Loop CWE-402 — Resource Leak CWE-1100 — Insufficient Isolation of System-Dependent Functions CWE-476 — NULL Pointer Dereference CWE-20 — Improper Input Validation CWE-668 — Resource Exposure CWE-787 — Out-of-bounds Write CWE-79 — Cross-site Scripting CWE-415 — Double Free CWE-401 — Missing Release of Memory after Effective Lifetime CWE-190 — Integer Overflow or Wraparound CWE-674 — Uncontrolled Recursion CWE-200 — Sensitive Information Exposure58 documents24 sources

Severity

4.9MEDIUMNVD

OSV8.8

EPSS

51.8%

top 2.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Intel Optimization FOR Tensorflow Giflib Project Giflib +5 more

Timeline

PublishedJan 20

Latest updateJun 19

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5oracle_corporation/mysql_server8.0.22 and prior

▶NVDoracle/mysql8.0.0 — 8.0.22

▶Gogithub.com/hashicorp_nomad1.0.0 — 1.0.5+1

▶PyPIintel/optimization_for_tensorflow2.2.0 — 2.2.3+3

▶Ubuntugiflib_project/giflib< 5.1.9-1ubuntu0.1+3

Also affects: Fedora 32, 33

🔴Vulnerability Details

OSV

giflib vulnerabilities↗2024-06-10

▶

GHSA

GHSA-89wm-w7vg-fqcp: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer)↗2022-05-24

▶

GHSA

yetiforcecrm is vulnerable to Cross-site Scripting↗2021-12-17

▶

GHSA

Double free in through↗2021-08-25

▶

GHSA

Improper network isolation in Hashicorp Nomad↗2021-06-24

▶

💥Exploits & PoCs

Nuclei

Adobe ColdFusion - Access Control Bypass

▶

📋Vendor Advisories

Red Hat

kernel: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg↗2024-06-19

▶

Red Hat

kernel: gfs2: Fix use-after-free in gfs2_glock_shrink_scan↗2024-05-21

▶

Red Hat

kernel: net: cdc_eem: fix tx fixup skb leak↗2024-05-21

▶

Microsoft

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction which allows local users to obtain potent↗2022-02-08

▶

Red Hat

vim: Heap use-after-free in ml_append_int function↗2021-11-19

▶

🕵️Threat Intelligence

Huntress

CVE-2021-45046 Vulnerability: Analysis, Impact, Mitigation | Huntress↗

▶