CVE-2021-2429: 
MySQL vulnerability analysis and mitigation

A vulnerability in MySQL Server's InnoDB memcached plugin was identified as CVE-2021-2429. This heap-based buffer overflow vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. The vulnerability was discovered and disclosed in July 2021, affecting MySQL Server versions 5.7.34 and prior, as well as 8.0.25 and prior (Oracle CPE, ZDI Advisory).

The vulnerability exists within the processing of InnoDB commands. The specific flaw results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a high severity issue (ZDI Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the service account. The vulnerability enables remote attackers to potentially take complete control of the affected MySQL Server installation without requiring authentication (ZDI Advisory).

Oracle has released security patches to address this vulnerability in their July 2021 Critical Patch Update. Users are strongly advised to update to MySQL Server versions newer than 5.7.34 or 8.0.25 (Oracle CPE).