CVE-2021-2160: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. This is an easily exploitable vulnerability that allows high privileged attacker with network access via multiple protocols to compromise MySQL Server (Oracle CPUApr2021).

The vulnerability has been assigned a CVSS Base Score of 4.9 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), with unchanged scope (S:U), and impacts only availability (A:H) with no impact to confidentiality or integrity (Oracle CPUApr2021, NetApp Advisory).

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (Oracle CPUApr2021).

Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible. The vulnerability has been fixed in MySQL versions after 5.7.30 and 8.0.17. For systems that cannot be immediately patched, it may be possible to reduce the risk by blocking network protocols required by an attack or removing privileges from users that do not need them (Oracle CPUApr2021).