CVE-2021-2230: 
MySQL vulnerability analysis and mitigation

CVE-2021-2230 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. The vulnerability affects MySQL versions 8.0.23 and prior. This vulnerability was disclosed in April 2021 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is classified as an easily exploitable vulnerability that allows high-privileged attackers with network access to compromise MySQL Server via multiple protocols. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server (NVD).

Oracle has released patches to address this vulnerability in their April 2021 Critical Patch Update. Users should upgrade to the latest version of MySQL Server. For systems that cannot be immediately patched, limiting network access to trusted high-privileged users may help reduce the risk (Oracle CPU).

The vulnerability was discovered and reported by Yaoguang Chen of Ant Security Light-Year Lab (Oracle CPU). Multiple vendors including NetApp have acknowledged the vulnerability and provided patches for their affected products (NetApp Advisory).