CVE-2021-35604: 
MySQL vulnerability analysis and mitigation

CVE-2021-35604 is a vulnerability in the InnoDB component of Oracle MySQL Server affecting versions 5.7.35 and prior, and 8.0.26 and prior. This vulnerability was disclosed in October 2021 as part of Oracle's Critical Patch Update. The vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU).

The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium severity) with Integrity and Availability impacts. The attack vector is Network (AV:N), with Low attack complexity (AC:L), requiring High privileges (PR:H), no user interaction (UI:N), and Unchanged scope (S:U). The CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (Oracle CPU, NetApp Advisory).

Oracle has released patches for affected versions in the October 2021 Critical Patch Update. Users should upgrade to MySQL Server versions after 5.7.35 or 8.0.26. Various Linux distributions have also released security updates including Fedora which addressed this vulnerability in mariadb-10.5.13 and community-mysql-8.0.27 packages (Oracle CPU, Fedora Update).