CVE-2021-2171: 
MySQL vulnerability analysis and mitigation

CVE-2021-2171 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Replication component. The vulnerability affects MySQL versions 5.7.33 and prior, and 8.0.23 and prior. This vulnerability was disclosed on April 22, 2021 (Oracle Advisory).

The vulnerability is classified as difficult to exploit and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability has a CVSS 3.1 Base Score of 4.4 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (Oracle Advisory).

Oracle has released patches to address this vulnerability in MySQL versions. Users should upgrade to MySQL version 8.0.25 for version 8.0.x users, or version 5.7.34 for 5.7.x users. Multiple Linux distributions have also released security updates including Ubuntu, which has updated to MySQL 8.0.25 in Ubuntu 20.04 LTS, 20.10, and 21.04, and MySQL 5.7.34 in Ubuntu 18.04 LTS (Ubuntu Notice).