CVE-2021-35633: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. This is an easily exploitable vulnerability that allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability was disclosed in October 2021 (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 2.7 (LOW) with the vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), with unchanged scope (S:U), and no impact on confidentiality (C:N) or integrity (I:N), but low impact on availability (A:L) (NetApp Advisory).

Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server (Oracle CPU).

Oracle has released patches for this vulnerability as part of the October 2021 Critical Patch Update. Users should update to the latest version of MySQL Server. For systems that cannot be immediately updated, network access controls should be implemented to restrict access to trusted sources (Oracle CPU).