CVE-2021-2024 — Improper Resource Locking in Oracle Mysql

CWE-413 — Improper Resource Locking CWE-22 — Path Traversal CWE-416 — Use After Free CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation CWE-590 — Free of Memory not on the Heap CWE-822 — Untrusted Pointer Dereference53 documents16 sources

Severity

6.5MEDIUMNVD

GHSA8.8OSV9.8OSV7.8OSV5.5OSV5.3OSV4.7CISA7.5CISA7.2

EPSS

0.6%

top 29.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Mbed Mbedtls Oracle Mysql +1 more

Timeline

PublishedJan 20

Latest updateMar 25

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5oracle_corporation/mysql_server8.0.22 and prior

▶NVDoracle/mysql8.0.0 — 8.0.22

▶Ubuntumbed/mbedtls< 2.8.0-1ubuntu0.1~esm1+3

▶Ubuntulinux/linux_kernel< 4.4.0-259.293+3

🔴Vulnerability Details

OSV

mbedtls vulnerabilities↗2026-03-25

▶

OSV

linux-azure, linux-azure-4.15 vulnerabilities↗2026-03-24

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2026-01-29

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2025-12-15

▶

OSV

linux-aws-fips, linux-fips vulnerabilities↗2025-12-03

▶

💥Exploits & PoCs

Nuclei

Adobe ColdFusion - Arbitrary File Read

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Remote Code Execution Vulnerability↗2025-12-09

▶

Oracle

Oracle Oracle Utilities Applications Risk Matrix: General (jQueryUI) — CVE-2021-41184↗2024-10-15

▶

CISA

Draytek VigorConnect Path Traversal Vulnerability↗2024-09-03

▶

CISA

Microsoft Exchange Server Information Disclosure Vulnerability↗2024-08-21

▶

Oracle

Oracle Oracle MySQL Risk Matrix: Connector/Net (.NET Core) — CVE-2021-24112↗2024-07-15

▶

🕵️Threat Intelligence

Wiz

Crying Out Cloud - February Newsletter | Wiz↗2024-02-01

▶

💬Community

Bugzilla

CVE-2021-47428 kernel: powerpc/64s: fix program check interrupt emergency stack path↗2024-05-22

▶

Bugzilla

CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one↗2024-05-22

▶

Bugzilla

CVE-2021-47408 kernel: netfilter: conntrack: serialize hash resizes and cleanups↗2024-05-22

▶

Bugzilla

CVE-2021-47013 kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send↗2024-02-29

▶