CVE-2021-2372
First published: Tue Jul 20 2021(Updated: )
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.7.35 | 5.7.35 |
| redhat/mysql | <8.0.26 | 8.0.26 |
| redhat/mariadb | <10.6.4 | 10.6.4 |
| redhat/mariadb | <10.5.12 | 10.5.12 |
| redhat/mariadb | <10.4.21 | 10.4.21 |
| redhat/mariadb | <10.3.31 | 10.3.31 |
| redhat/mariadb | <10.2.40 | 10.2.40 |
| MySQL Server | >=5.7.0<=5.7.34 | |
| MySQL Server | >=8.0.0<=8.0.25 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| netapp active iq unified manager windows | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp SnapCenter | ||
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Mariadb Mariadb | >10.2.0<10.2.40 | |
| Mariadb Mariadb | >10.3.0<10.3.31 | |
| Mariadb Mariadb | >10.4.0<10.4.21 | |
| Mariadb Mariadb | >10.5.0<10.5.12 | |
| Mariadb Mariadb | >10.6.0<10.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992821
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992822
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992824
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992825
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992827
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1992828
- https://access.redhat.com/errata/RHSA-2021:3590
- https://access.redhat.com/security/cve/cve-2021-2372
- https://access.redhat.com/errata/RHSA-2021:3811
- https://access.redhat.com/errata/RHSA-2022:1007
- https://access.redhat.com/errata/RHSA-2022:1010
- https://access.redhat.com/errata/RHSA-2022:1556
- https://access.redhat.com/errata/RHSA-2022:1557
- https://access.redhat.com/errata/RHSA-2022:4818
- https://bugzilla.redhat.com/show_bug.cgi?id=1992303
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/
Frequently Asked Questions
What is the severity of CVE-2021-2372?
CVE-2021-2372 is classified as a difficult to exploit vulnerability that allows a high privileged attacker with network access to compromise the MySQL Server.
How do I fix CVE-2021-2372?
To remediate CVE-2021-2372, upgrade MySQL Server to version 5.7.35 or 8.0.26 and ensure all related software packages are also updated.
Which versions of MySQL Server are affected by CVE-2021-2372?
Affected versions of MySQL Server for CVE-2021-2372 include 5.7.34 and prior, as well as 8.0.25 and prior.
Can CVE-2021-2372 be exploited remotely?
Yes, CVE-2021-2372 can be exploited remotely by attackers with high privileges and network access.
What components of MySQL are affected by CVE-2021-2372?
CVE-2021-2372 specifically affects the InnoDB component of the MySQL Server product.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-2372
- agent/software-canonical-lookup
- agent/author
- agent/description
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/mysql server
- version/mysql server/5.7.0
- version/mysql server/5.7.34
- version/mysql server/8.0.0
- version/mysql server/8.0.25
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp snapcenter
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/mariadb
- canonical/mariadb mariadb