CVE-2021-2417: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS), identified as CVE-2021-2417. The vulnerability affects MySQL Server versions 8.0.25 and prior. This is an easily exploitable vulnerability that allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (NVD, Oracle Advisory).

The vulnerability has a CVSS 3.1 Base Score of 6.0 (Confidentiality, Integrity and Availability impacts) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H. The vulnerability requires a high-privileged attacker with network access, but is considered easily exploitable with low attack complexity and requires no user interaction (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additionally, it can lead to unauthorized update, insert or delete access to some MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data (Oracle Advisory).

Oracle has released patches to address this vulnerability in their July 2021 Critical Patch Update. Users should upgrade to the latest version of MySQL Server. For systems that cannot be immediately upgraded, network access controls should be implemented to restrict access to trusted users only (Oracle Advisory, NetApp Advisory).