CVE-2021-35583

7.5 HIGH

📋 TL;DR

This vulnerability allows an unauthenticated attacker with network access to crash or hang MySQL Server running on Windows, causing a denial of service (DoS). It affects MySQL Server 8.0.25 and prior on Windows only. The CVSS 7.5 score reflects availability impact alone: there is no data disclosure or modification, but the service can be taken down remotely without credentials.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.25 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects MySQL Server running on Windows operating systems (Oracle lists the affected component as "Server: Windows"). Linux/Unix builds are not affected.

📦 What is this software?

MySQL Server is Oracle's relational database server. On Windows it normally runs as a Windows service (named MySQL80 when deployed with MySQL Installer) listening on TCP port 3306, which is the network surface this vulnerability is reached through.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of MySQL Server, disrupting all database-dependent applications and services.

🟠

Likely Case

Service crashes requiring manual restart, causing temporary application downtime.

🟢

If Mitigated

No impact once patched to 8.0.26 or later. If MySQL is reachable only from trusted hosts, exposure is limited to those hosts, but an attacker who compromises one of them can still trigger the crash.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation via network protocols makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes this as 'easily exploitable' with low attack complexity. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.26 and later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2021.html

Restart Required: Yes

Instructions:

1. Download MySQL 8.0.26 or later from Oracle's website.
2. Back up your databases (for example with mysqldump, while the service is still running).
3. Stop the MySQL service (confirm the service name first with sc query; it is MySQL80 for MySQL Installer deployments).
4. Install the updated version.
5. Restart the MySQL service.
6. Verify that the running server reports 8.0.26 or higher with SELECT VERSION(); (not just that the new binaries are on disk).

🔧 Temporary Workarounds

Network Segmentation

windows

Restrict network access to MySQL Server to only trusted hosts and applications.

With Windows Firewall, an allow rule scoped to a trusted subnet only helps if no broader allow rule for port 3306 exists (MySQL Installer typically creates one). First list existing rules for the port, delete or disable any unscoped allow rule, then add the scoped rule and rely on the default inbound block for everything else:

netsh advfirewall firewall show rule name=all | findstr /i "3306 MySQL"
netsh advfirewall firewall delete rule name="Port 3306" (use the actual name of the broad rule found above)
netsh advfirewall firewall add rule name="MySQL Restrict" dir=in action=allow protocol=TCP localport=3306 remoteip=192.168.1.0/24

Replace 192.168.1.0/24 with the addresses of your application servers. Do not add an explicit block rule for 3306 alongside the scoped allow: in Windows Firewall, block rules take precedence over allow rules, so the trusted subnet would be blocked too.

Service Account Hardening

windows

Run the MySQL service under a least-privilege account to limit the damage from any follow-on compromise. Note that this does not prevent the DoS itself; it only reduces the blast radius.

sc config MySQL obj= "NT AUTHORITY\NetworkService"
sc qc MySQL

Use the actual service name (MySQL80 for MySQL Installer deployments). The space after obj= is required by sc syntax, and the existing binPath (which already carries --defaults-file) is left unchanged. Before restarting, grant the service account Modify rights on the data directory and on the error/binary log locations, otherwise the service will fail to start.

🧯 If You Can't Patch

  • Implement strict network access controls so that only the application servers that need it can reach TCP 3306 on the MySQL host.
  • Monitor MySQL Server error logs, Windows Event Logs, and availability metrics for unusual crash patterns or bursts of connection attempts, and alert on repeated unexpected service terminations.

🔍 How to Verify

Check if Vulnerable:

Check the server version and platform. From a MySQL client run SELECT VERSION(), @@version_compile_os; or on the host run mysql --version. If the version is 8.0.25 or earlier and the platform is Win32/Win64, the server is in the affected range.

Check Version:

mysql --version

Verify Fix Applied:

After patching and restarting the service, confirm that the running server reports 8.0.26 or higher with SELECT VERSION(); (mysql --version only reports the client binary on disk, so check the server itself).
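The comparison above is easy to get wrong when done by eye or with string comparison across a fleet (for example "8.0.3" sorts after "8.0.25" as text). The following is an added example, not code from the original advisory or from Oracle: it takes the values the Verify section tells you to collect (SELECT VERSION() or the mysql --version banner, plus @@version_compile_os) and decides whether each host is in the affected range. The hostnames and inventory rows are constructed sample data.

```python
"""Added example (not from the advisory or from Oracle): triage hosts for
CVE-2021-35583 from MySQL version strings. Affected range per the advisory:
8.0.25 and earlier on Windows; first fixed release 8.0.26."""
import re

FIRST_FIXED = (8, 0, 26)                 # per the advisory: 8.0.26 and later are fixed
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the x.y.z triple out of either form you may have on hand:
    '8.0.25', '8.0.26-commercial', or the full `mysql --version` banner
    'mysql  Ver 8.0.25 for Win64 on x86_64 (MySQL Community Server - GPL)'.
    Returned as ints so that 8.0.3 compares below 8.0.25; comparing the raw
    strings ('8.0.3' > '8.0.25') is the classic mistake here."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no x.y.z version in %r" % text)
    return tuple(int(g) for g in m.groups())


def is_windows(compile_os):
    """@@version_compile_os is 'Win64' or 'Win32' on Windows builds; the
    `mysql --version` banner carries the same token ('for Win64')."""
    return re.search(r"\bwin(32|64)?\b", compile_os, re.IGNORECASE) is not None


def is_vulnerable(version_text, compile_os):
    """Affected = older than the first fixed release AND a Windows build.
    Linux/Unix builds are out of scope for this CVE per the advisory, so they
    return False even at 8.0.25."""
    return is_windows(compile_os) and parse_version(version_text) < FIRST_FIXED


# Constructed inventory (hypothetical hostnames), as if collected by running
# SELECT @@hostname, VERSION(), @@version_compile_os; on each server.
SAMPLE_INVENTORY = [
    ("db-win-01", "8.0.25", "Win64"),
    ("db-win-02", "8.0.26", "Win64"),
    ("db-win-03", "mysql  Ver 8.0.19 for Win64 on x86_64 (MySQL Community Server - GPL)", "Win64"),
    ("db-lin-01", "8.0.25", "Linux"),
    ("db-win-04", "8.0.27-commercial", "Win64"),
]


def triage(inventory):
    """Return the hostnames that still need the 8.0.26+ upgrade, sorted."""
    return sorted(host for host, ver, os_ in inventory if is_vulnerable(ver, os_))


if __name__ == "__main__":
    print("Needs patch:", ", ".join(triage(SAMPLE_INVENTORY)))
```

Run it against your own inventory by replacing SAMPLE_INVENTORY with the rows your monitoring or CMDB returns; the Windows check deliberately keys on @@version_compile_os rather than the hostname, since naming conventions are not reliable evidence of platform.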

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL service crashes in Windows Event Logs
  • Error logs showing abnormal termination
  • Frequent service restarts in system logs

Network Indicators:

  • Unusual traffic patterns to MySQL port 3306 from unexpected sources
  • Multiple connection attempts followed by service disruption

SIEM Query:

The query below is written for Splunk with the Windows add-on, where the System log arrives as source WinEventLog:System and the event ID field is EventCode (7034 = service terminated unexpectedly, 7036 = service entered a new state). Adjust the source and field names to your forwarder; the service name appears in the event message rather than in a dedicated field, so it is matched as a keyword here. Group by time so that a burst of crashes stands out from a single one-off termination:

source="WinEventLog:System" (EventCode=7034 OR EventCode=7036) "MySQL" | bin _time span=15m | stats count by _time, EventCode
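The log indicators above boil down to one pattern: repeated unexpected terminations of the MySQL service within a short window, which matches Oracle's "hang or frequently repeatable crash" description. The following is an added example, not code from the original advisory or from any vendor, that implements that detection over a handful of constructed Windows System-log entries (event 7034 = service terminated unexpectedly, 7036 = service changed state). The service name MySQL80, the timestamps, and the threshold values are assumptions for the sample.

```python
"""Added example (not from the advisory): flag services that crash repeatedly
within a short window, from Windows System-log style events."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, EventID, message), in the wording the
# Service Control Manager uses. Not real logs.
SAMPLE_EVENTS = [
    ("2021-10-20 09:01:12", 7036, "The MySQL80 service entered the running state."),
    ("2021-10-20 10:15:03", 7034, "The MySQL80 service terminated unexpectedly.  It has done this 1 time(s)."),
    ("2021-10-20 10:15:40", 7036, "The MySQL80 service entered the running state."),
    ("2021-10-20 10:17:22", 7034, "The MySQL80 service terminated unexpectedly.  It has done this 2 time(s)."),
    ("2021-10-20 10:18:01", 7036, "The MySQL80 service entered the running state."),
    ("2021-10-20 10:19:55", 7034, "The MySQL80 service terminated unexpectedly.  It has done this 3 time(s)."),
    ("2021-10-20 14:00:00", 7036, "The Print Spooler service entered the stopped state."),
    ("2021-10-20 14:00:05", 7036, "The Print Spooler service entered the running state."),
]

_MSG_RE = re.compile(
    r"The (?P<svc>.+?) service (?:terminated unexpectedly|entered the (?P<state>\w+) state)"
)


def parse_event(timestamp, event_id, message):
    """Return (datetime, event_id, service, state) or None if the message is
    not an SCM service-state message. state is None for 7034 events."""
    m = _MSG_RE.match(message)
    if not m:
        return None
    return (datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S"), event_id, m["svc"], m["state"])


def max_crashes_in_window(events, window=timedelta(minutes=15)):
    """For each service, the largest number of 7034 events that fall inside
    any span of length `window`. One crash may be an ordinary bug; several in
    a short span is the repeatable-crash signature worth alerting on."""
    crashes = defaultdict(list)
    for ts, event_id, svc, _state in events:
        if event_id == 7034:
            crashes[svc].append(ts)
    result = {}
    for svc, times in crashes.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted crash times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        result[svc] = best
    return result


def flagged_services(events, service_prefix="MySQL", threshold=2, window=timedelta(minutes=15)):
    """Services whose name starts with `service_prefix` and that crashed at
    least `threshold` times inside one `window`. Sorted for stable output."""
    counts = max_crashes_in_window(events, window)
    return sorted(svc for svc, n in counts.items()
                  if svc.startswith(service_prefix) and n >= threshold)


def parsed_sample():
    """The constructed events above, parsed (non-SCM messages dropped)."""
    return [e for e in (parse_event(*row) for row in SAMPLE_EVENTS) if e is not None]


if __name__ == "__main__":
    print("Crash counts per service:", max_crashes_in_window(parsed_sample()))
    print("Alert on:", flagged_services(parsed_sample()))
```

Tune threshold and window to your environment: a server that legitimately restarts once during patching should not page anyone, while three unexpected terminations in a quarter of an hour on an internet-reachable instance almost certainly should. Pair the alert with the network indicators above (new source addresses hitting 3306 just before each 7034) to separate an attack from a failing disk.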

🔗 References

  • Oracle Critical Patch Update Advisory, October 2021: https://www.oracle.com/security-alerts/cpuoct2021.html
  • NVD entry for CVE-2021-35583: https://nvd.nist.gov/vuln/detail/CVE-2021-35583