CVE-2021-35607: 
MySQL vulnerability analysis and mitigation

A vulnerability was identified in the MySQL Server product of Oracle MySQL, specifically affecting the Server: DML component. The vulnerability impacts versions 8.0.26 and prior. This security flaw was disclosed in October 2021 and is tracked as CVE-2021-35607. The vulnerability is considered easily exploitable by low-privileged attackers with network access via multiple protocols (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium severity), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and doesn't require user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity (Oracle Advisory, NetApp Advisory).

Oracle has released patches to address this vulnerability in their October 2021 Critical Patch Update. Users are strongly advised to update to versions newer than 8.0.26. The fix is included in MySQL version 8.0.27 (Oracle Advisory).