CVE-2021-35597: 
MySQL vulnerability analysis and mitigation

A vulnerability was discovered in the MySQL Client product of Oracle MySQL (component: C API) affecting versions 8.0.26 and prior. The vulnerability is tracked as CVE-2021-35597 and was disclosed in October 2021. This is an easily exploitable vulnerability that allows low privileged attackers with network access via multiple protocols to compromise MySQL Client (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and only impacts availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. The vulnerability only affects availability with no impact on confidentiality or integrity (Oracle Advisory, NetApp Advisory).

Oracle has released patches to address this vulnerability in MySQL Client versions after 8.0.26. Users are strongly recommended to update to the latest version. The fix was included in MySQL version 8.0.27 and distributed through various vendors including Fedora, Ubuntu, and Red Hat (Oracle Advisory, Ubuntu Notice).