CVE-2021-2022Deserialization of Untrusted Data in Oracle Mysql

CWE-502Deserialization of Untrusted Data48 documents22 sources
Severity
4.4MEDIUMNVD
GHSA7.5OSV8.8OSV5.5
EPSS
0.5%
top 34.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
MariadbGiflib Project GiflibOracle Mysql+2 more
Timeline
PublishedJan 20
Latest updateJan 27

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Avail

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.7 | Impact: 3.6

Affected Packages4 packages

CVEListV5oracle_corporation/mysql_server5.6.50 and prior, 5.7.32 and prior, 8.0.22 and prior+2
NVDoracle/mysql5.6.05.6.50+2
NVDmariadb/mariadb10.1.010.1.46+4
Ubuntugiflib_project/giflib< 5.1.9-1ubuntu0.1+3

Also affects: Fedora 32, 33

🔴Vulnerability Details

6
OSV
giflib vulnerabilities2024-06-10
OSV
ujson vulnerabilities2024-02-14
GHSA
GHSA-vmp3-cr49-pjf6: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB)2022-05-24
GHSA
Deserialization of Untrusted Data in Log4j 1.x2022-01-21
CVEList
CVE-2021-2022: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB)2021-01-20

💥Exploits & PoCs

1
Exploit-DB
PolicyKit-1 0.105-31 - Privilege Escalation2022-01-27

📋Vendor Advisories

12
CISA ICS
Festo Didactic SE MES PC2026-01-27
Oracle
Oracle Oracle Support Tools Risk Matrix: Diagnostic Assistant (Apache MINA) — CVE-2021-419732022-04-15
Oracle
Oracle Oracle Communications Risk Matrix: Policy (aaugustin websockets) — CVE-2021-338802022-04-15
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (dnsmasq) — CVE-2021-34482022-01-15
Oracle
Oracle Oracle Essbase Risk Matrix: Infrastructure (mod_auth_openidc) — CVE-2021-207182022-01-15
CVE-2021-2022 — Deserialization of Untrusted Data | cvebase