CVE-2021-2006 : Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Su

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published 2021-01-20 15:15:46

Updated 2022-03-30 19:20:02

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-2006

Oracle » Mysql
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.19
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Windows
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-2006

EPSS FAQ

1.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-2006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:N/I:N/A:C	6.8	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H	1.6	3.6	Oracle
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2021-2006

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/

[SECURITY] Fedora 32 Update: mysql-connector-odbc-8.0.23-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202105-27

MySQL: Multiple vulnerabilities (GLSA 202105-27) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Vendor Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/

[SECURITY] Fedora 33 Update: community-mysql-8.0.23-1.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20210622-0001/

February 2021 MySQL Client Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-2006

Products affected by CVE-2021-2006

Exploit prediction scoring system (EPSS) score for CVE-2021-2006

CVSS scores for CVE-2021-2006

References for CVE-2021-2006