Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2021-2389

Published: 21/07/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Mysql Server

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Append and Prepend commands in the memcached plugin. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql server

netapp snapcenter -

netapp oncommand workflow automation -

netapp oncommand insight -

netapp active iq unified manager -

fedoraproject fedora 34

fedoraproject fedora 35

mariadb mariadb

Vendor Advisories

Red Hat: Moderate: mariadb:10.5 security, bug fix, and enhancement update
Synopsis Moderate: mariadb:105 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the mariadb:105 module is now available for Red Hat Enterprise Linux 8Red Hat Produc ...
Red Hat: Moderate: rh-mariadb105-mariadb security and bug fix update
Synopsis Moderate: rh-mariadb105-mariadb security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-mariadb105-mariadb and rh-mariadb105-galera is now available for Red Hat Software Collec ...
Red Hat: Moderate: mariadb:10.3 security and bug fix update
Synopsis Moderate: mariadb:103 security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the mariadb:103 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRe ...
Red Hat: Moderate: rh-mariadb103-mariadb security and bug fix update
Synopsis Moderate: rh-mariadb103-mariadb security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-mariadb103-mariadb and rh-mariadb103-galera is now available for Red Hat Software Collec ...
Red Hat: CVE-2021-2389
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) Supported versions that are affected are 5734 and prior and 8025 and prior Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result i ...
Amazon Linux 2: ALASMARIADB10.5-2023-003
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) Supported versions that are affected are 5734 and prior and 8025 and prior Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result i ...
Arch Linux Issues:
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) Supported versions that are affected are 5734 and prior and 8025 and prior Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result i ...
Amazon Linux 2022: ALAS2022-2022-182
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) Supported versions that are affected are 5734 and prior and 8025 and prior Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result i ...

References

NVD-CWE-noinfohttps://www.oracle.com/security-alerts/cpujul2021.htmlhttps://www.zerodayinitiative.com/advisories/ZDI-21-880/https://security.netapp.com/advisory/ntap-20210723-0001/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1557https://www.zerodayinitiative.com/advisories/ZDI-21-880/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook