CVE-2021-35558: 
Oracle Database Server vulnerability analysis and mitigation

Vulnerability in the Core RDBMS component of Oracle Database Server affecting versions 12.1.0.2, 12.2.0.1, 19c, and 21c. This vulnerability was discovered and reported by Yaoguang Chen of Ant Security Light-Year Lab and was disclosed in Oracle's October 2021 Critical Patch Update (Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a low-privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.3, indicating a medium severity level. The CVSS vector is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L), which indicates network attack vector, low attack complexity, low privileges required, no user interaction needed, unchanged scope, and low impact on availability (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Oracle CPU).

Oracle has released patches for this vulnerability as part of the October 2021 Critical Patch Update. The fix is available for affected versions 12.1.0.2, 12.2.0.1, 19c, and 21c. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle CPU).