CVE-2021-2293: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure) affects versions 8.0.23 and prior. This vulnerability was disclosed in April 2021 and assigned identifier CVE-2021-2293. The issue specifically impacts the Stored Procedure component of MySQL Server, making it a targeted vulnerability for database systems (Oracle CPUApr2021, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that while the vulnerability is network-accessible (AV:N) and requires low attack complexity (AC:L), it needs high privileges (PR:H) to exploit. No user interaction (UI:N) is required, the scope is unchanged (S:U), and it primarily impacts system availability (A:H) with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of MySQL Server. The impact is limited to availability with no direct effect on data confidentiality or integrity (NVD).

Oracle has released patches to address this vulnerability in their April 2021 Critical Patch Update. Users are advised to upgrade MySQL Server installations to versions newer than 8.0.23. NetApp has also released security advisories and patches for their affected products (NetApp Advisory).