CVE-2021-2390

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

History

26 Jul 2021, 16:28

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210723-0001/ - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2021.html - (MISC) https://www.oracle.com/security-alerts/cpujul2021.html - Vendor Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-881/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-881/ - Third Party Advisory
CVSS v2 : unknown
v3 : 5.9
v2 : 7.1
v3 : 5.9
CWE CWE-20

23 Jul 2021, 12:15

Type Values Removed Values Added
References
  • (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-881/ -

22 Jul 2021, 07:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

21 Jul 2021, 15:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-21 15:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-2390

Mitre link : CVE-2021-2390

CVE.ORG link : CVE-2021-2390


JSON object : View

Products Affected

netapp

  • oncommand_insight

oracle

  • mysql_server
CWE
CWE-191

Integer Underflow (Wrap or Wraparound)