CVE-2021-2166

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-2166
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-2166.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-2166
Aliases
Downstream
Related
Published
2021-04-22T22:15:13Z
Modified
2025-09-30T04:09:37.749565Z
Summary
[none]
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events

Affected versions

mariadb-10.*

mariadb-10.0.25
mariadb-10.0.26
mariadb-10.0.27
mariadb-10.0.28
mariadb-10.0.29
mariadb-10.0.30
mariadb-10.0.31
mariadb-10.0.32
mariadb-10.0.33
mariadb-10.0.34
mariadb-10.0.35
mariadb-10.0.36
mariadb-10.0.37
mariadb-10.0.38
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.36
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.40
mariadb-10.1.41
mariadb-10.1.42
mariadb-10.1.43
mariadb-10.1.44
mariadb-10.1.45
mariadb-10.1.46
mariadb-10.1.47
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.17
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.3
mariadb-10.2.30
mariadb-10.2.31
mariadb-10.2.32
mariadb-10.2.33
mariadb-10.2.34
mariadb-10.2.35
mariadb-10.2.36
mariadb-10.2.37
mariadb-10.2.4
mariadb-10.2.5
mariadb-10.2.6
mariadb-10.2.7
mariadb-10.2.8
mariadb-10.2.9

mariadb-5.*

mariadb-5.5.49
mariadb-5.5.50
mariadb-5.5.51
mariadb-5.5.52
mariadb-5.5.53
mariadb-5.5.54
mariadb-5.5.55
mariadb-5.5.56
mariadb-5.5.57
mariadb-5.5.58
mariadb-5.5.59
mariadb-5.5.60
mariadb-5.5.61
mariadb-5.5.62
mariadb-5.5.63
mariadb-5.5.64
mariadb-5.5.65
mariadb-5.5.66
mariadb-5.5.67
mariadb-5.5.68

mariadb-galera-10.*

mariadb-galera-10.0.25
mariadb-galera-10.0.26
mariadb-galera-10.0.27
mariadb-galera-10.0.28
mariadb-galera-10.0.29
mariadb-galera-10.0.30
mariadb-galera-10.0.31
mariadb-galera-10.0.32
mariadb-galera-10.0.33
mariadb-galera-10.0.34
mariadb-galera-10.0.35
mariadb-galera-10.0.36
mariadb-galera-10.0.37

mariadb-galera-5.*

mariadb-galera-5.5.49
mariadb-galera-5.5.50
mariadb-galera-5.5.51
mariadb-galera-5.5.52
mariadb-galera-5.5.53
mariadb-galera-5.5.54
mariadb-galera-5.5.55
mariadb-galera-5.5.56
mariadb-galera-5.5.57
mariadb-galera-5.5.58
mariadb-galera-5.5.59
mariadb-galera-5.5.60
mariadb-galera-5.5.61
mariadb-galera-5.5.62

mysql-5.*

mysql-5.5.49
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "target": {
                "function": "mysql_test_select",
                "file": "sql/sql_prepare.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-05c7814c",
            "signature_version": "v1",
            "digest": {
                "function_hash": "322128387529780625592402890608648572913",
                "length": 1382.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "sql/sql_derived.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Line",
            "id": "CVE-2021-2166-0b79189e",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "8376308921794643741701672030968664939",
                    "232938431702890569967529964990510805858",
                    "156935383331326070759284374582573215374",
                    "319188585465869426447694675742810284314",
                    "195978959015672643546896046468512073720",
                    "186914805573621586770799268670423495601",
                    "184098504852850448733505618452706751503",
                    "257019084214720884159526716952479552926",
                    "208522982103125932622770522087140256483",
                    "161126447642095895822482869837686626840",
                    "260399343256022085728421119837455812260",
                    "86974682356935820809437566681831043391",
                    "323198554721651991414320781385521082385",
                    "73073261068670371719770287508748727990",
                    "328274921891070475929777568712471794870",
                    "134715197553679507358974418074540409098",
                    "161102368812016543595319424570300176101",
                    "193581079227660862907858489419856964303",
                    "9625058991100069502652877227768933890"
                ],
                "threshold": 0.9
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "sql/sql_base.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Line",
            "id": "CVE-2021-2166-192da221",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "168544384147256645351056743036618817406",
                    "50451342659074436417376011823148259476",
                    "186318101579849850461204891639931981521",
                    "218390225894619315967716500252344584557"
                ],
                "threshold": 0.9
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysql_handle_single_derived",
                "file": "sql/sql_derived.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-319b8344",
            "signature_version": "v1",
            "digest": {
                "function_hash": "94106374924971372826460142161729586423",
                "length": 913.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "open_normal_and_derived_tables",
                "file": "sql/sql_base.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-362ca9d2",
            "signature_version": "v1",
            "digest": {
                "function_hash": "294940075262138667602358936354965008942",
                "length": 597.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysql_test_create_table",
                "file": "sql/sql_prepare.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-38cdab29",
            "signature_version": "v1",
            "digest": {
                "function_hash": "235753819923495502702942664180535283210",
                "length": 942.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "fill_schema_table_by_open",
                "file": "sql/sql_show.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-7b0b2027",
            "signature_version": "v1",
            "digest": {
                "function_hash": "41437778563358113259307207121800751509",
                "length": 2225.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysql_handle_derived",
                "file": "sql/sql_derived.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-81fce179",
            "signature_version": "v1",
            "digest": {
                "function_hash": "101931646880406494030966935605892683304",
                "length": 1479.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysqld_list_fields",
                "file": "sql/sql_show.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-8df0282a",
            "signature_version": "v1",
            "digest": {
                "function_hash": "146040710720366585580707197404632625234",
                "length": 1000.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysql_test_do_fields",
                "file": "sql/sql_prepare.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-956391da",
            "signature_version": "v1",
            "digest": {
                "function_hash": "282265357197290812965726598369122592845",
                "length": 452.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "sql/sql_class.h"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Line",
            "id": "CVE-2021-2166-9d90e26e",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "25659621010009786125164404455603937145",
                    "244812572285093701929011865903861410272",
                    "135505733500033385538611137446985357365",
                    "329449124570590508714789493975010729205",
                    "171314629574034887773000597308419181797",
                    "89764016259477326958381951977404856061",
                    "334855243505824478683610057194996675696"
                ],
                "threshold": 0.9
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "sql/sql_show.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Line",
            "id": "CVE-2021-2166-a94f21ff",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "209753238693340880041535547327645207005",
                    "334070641843918206322074786894599376572",
                    "316310665983206167860018462332509291806",
                    "232548721670911873680560609057779397011",
                    "167208539937498664681683735279208545598",
                    "199585545327948560623734408763450157132",
                    "76506685930476968229085867394001919863",
                    "281172649008171803085776340743584734404"
                ],
                "threshold": 0.9
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "mysql_test_set_fields",
                "file": "sql/sql_prepare.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Function",
            "id": "CVE-2021-2166-f4163153",
            "signature_version": "v1",
            "digest": {
                "function_hash": "194805658341721684859143128259654138627",
                "length": 499.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "sql/sql_prepare.cc"
            },
            "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
            "signature_type": "Line",
            "id": "CVE-2021-2166-f9d6bd0f",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "225110962163697236869617512016214378999",
                    "271803788401245016054311266015887247976",
                    "114628426084200241910127751388202670921",
                    "42628445176351403523529725694633223320",
                    "101225470818017190287972083985866998692",
                    "50089665062729635219130237219008110524",
                    "133595521131707003650803866502738985173",
                    "223516217828469003607440062498462692971",
                    "142072693006293248333500908379946308505",
                    "30545965552448550597052659314849753491",
                    "88667210771268085064696118079338461125",
                    "126625423290341858471048495625847257641",
                    "163916659944676181836255996539400582964",
                    "62126678808852359200323133039533474712",
                    "8645302836542464987474811482763832914",
                    "273608608288985838897703698112404943796"
                ],
                "threshold": 0.9
            }
        }
    ]
}