CVE-2021-35575: 
MySQL vulnerability analysis and mitigation

A vulnerability was identified in the MySQL Server product of Oracle MySQL, specifically affecting the Server Optimizer component. The vulnerability affects MySQL versions 8.0.26 and prior. This security issue was disclosed on October 20, 2021, and tracked as CVE-2021-35575 (NVD, Oracle Advisory).

The vulnerability is classified as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. This indicates network attack vector, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability specifically impacts the availability of the system while having no direct impact on confidentiality or integrity (NVD).

Oracle has released patches to address this vulnerability in MySQL version 8.0.27. Various Linux distributions have also provided security updates, including Ubuntu (versions 20.04 LTS, 21.04, and 21.10) and Fedora (versions 33, 34, and 35). Users are strongly advised to upgrade to the patched versions (Ubuntu Notice, Fedora Updates).