CVE-2021-2166
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-2166
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-2166.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-2166
- Aliases
- Downstream
- Related
- Published
- 2021-04-22T22:15:13Z
- Modified
- 2025-10-15T12:57:19.368055Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- References
-
- https://security.gentoo.org/glsa/202105-27
- https://security.gentoo.org/glsa/202105-28
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://www.oracle.com/security-alerts/cpuapr2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/
Affected packages
Git / github.com/mariadb/server
Affected versions
mariadb-10.*
mariadb-10.0.25
mariadb-10.0.26
mariadb-10.0.27
mariadb-10.0.28
mariadb-10.0.29
mariadb-10.0.30
mariadb-10.0.31
mariadb-10.0.32
mariadb-10.0.33
mariadb-10.0.34
mariadb-10.0.35
mariadb-10.0.36
mariadb-10.0.37
mariadb-10.0.38
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.36
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.40
mariadb-10.1.41
mariadb-10.1.42
mariadb-10.1.43
mariadb-10.1.44
mariadb-10.1.45
mariadb-10.1.46
mariadb-10.1.47
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.17
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.3
mariadb-10.2.30
mariadb-10.2.31
mariadb-10.2.32
mariadb-10.2.33
mariadb-10.2.34
mariadb-10.2.35
mariadb-10.2.36
mariadb-10.2.37
mariadb-10.2.4
mariadb-10.2.5
mariadb-10.2.6
mariadb-10.2.7
mariadb-10.2.8
mariadb-10.2.9
mariadb-5.*
mariadb-5.5.49
mariadb-5.5.50
mariadb-5.5.51
mariadb-5.5.52
mariadb-5.5.53
mariadb-5.5.54
mariadb-5.5.55
mariadb-5.5.56
mariadb-5.5.57
mariadb-5.5.58
mariadb-5.5.59
mariadb-5.5.60
mariadb-5.5.61
mariadb-5.5.62
mariadb-5.5.63
mariadb-5.5.64
mariadb-5.5.65
mariadb-5.5.66
mariadb-5.5.67
mariadb-5.5.68
mariadb-galera-10.*
mariadb-galera-10.0.25
mariadb-galera-10.0.26
mariadb-galera-10.0.27
mariadb-galera-10.0.28
mariadb-galera-10.0.29
mariadb-galera-10.0.30
mariadb-galera-10.0.31
mariadb-galera-10.0.32
mariadb-galera-10.0.33
mariadb-galera-10.0.34
mariadb-galera-10.0.35
mariadb-galera-10.0.36
mariadb-galera-10.0.37
mariadb-galera-5.*
mariadb-galera-5.5.49
mariadb-galera-5.5.50
mariadb-galera-5.5.51
mariadb-galera-5.5.52
mariadb-galera-5.5.53
mariadb-galera-5.5.54
mariadb-galera-5.5.55
mariadb-galera-5.5.56
mariadb-galera-5.5.57
mariadb-galera-5.5.58
mariadb-galera-5.5.59
mariadb-galera-5.5.60
mariadb-galera-5.5.61
mariadb-galera-5.5.62
mysql-5.*
mysql-5.5.49
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
Database specific
vanir_signatures
[
{
"target": {
"function": "mysql_test_select",
"file": "sql/sql_prepare.cc"
},
"id": "CVE-2021-2166-05c7814c",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "322128387529780625592402890608648572913",
"length": 1382.0
}
},
{
"target": {
"file": "sql/sql_derived.cc"
},
"id": "CVE-2021-2166-0b79189e",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"line_hashes": [
"8376308921794643741701672030968664939",
"232938431702890569967529964990510805858",
"156935383331326070759284374582573215374",
"319188585465869426447694675742810284314",
"195978959015672643546896046468512073720",
"186914805573621586770799268670423495601",
"184098504852850448733505618452706751503",
"257019084214720884159526716952479552926",
"208522982103125932622770522087140256483",
"161126447642095895822482869837686626840",
"260399343256022085728421119837455812260",
"86974682356935820809437566681831043391",
"323198554721651991414320781385521082385",
"73073261068670371719770287508748727990",
"328274921891070475929777568712471794870",
"134715197553679507358974418074540409098",
"161102368812016543595319424570300176101",
"193581079227660862907858489419856964303",
"9625058991100069502652877227768933890"
],
"threshold": 0.9
}
},
{
"target": {
"file": "sql/sql_base.cc"
},
"id": "CVE-2021-2166-192da221",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"line_hashes": [
"168544384147256645351056743036618817406",
"50451342659074436417376011823148259476",
"186318101579849850461204891639931981521",
"218390225894619315967716500252344584557"
],
"threshold": 0.9
}
},
{
"target": {
"function": "mysql_handle_single_derived",
"file": "sql/sql_derived.cc"
},
"id": "CVE-2021-2166-319b8344",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "94106374924971372826460142161729586423",
"length": 913.0
}
},
{
"target": {
"function": "open_normal_and_derived_tables",
"file": "sql/sql_base.cc"
},
"id": "CVE-2021-2166-362ca9d2",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "294940075262138667602358936354965008942",
"length": 597.0
}
},
{
"target": {
"function": "mysql_test_create_table",
"file": "sql/sql_prepare.cc"
},
"id": "CVE-2021-2166-38cdab29",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "235753819923495502702942664180535283210",
"length": 942.0
}
},
{
"target": {
"function": "fill_schema_table_by_open",
"file": "sql/sql_show.cc"
},
"id": "CVE-2021-2166-7b0b2027",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "41437778563358113259307207121800751509",
"length": 2225.0
}
},
{
"target": {
"function": "mysql_handle_derived",
"file": "sql/sql_derived.cc"
},
"id": "CVE-2021-2166-81fce179",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "101931646880406494030966935605892683304",
"length": 1479.0
}
},
{
"target": {
"function": "mysqld_list_fields",
"file": "sql/sql_show.cc"
},
"id": "CVE-2021-2166-8df0282a",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "146040710720366585580707197404632625234",
"length": 1000.0
}
},
{
"target": {
"function": "mysql_test_do_fields",
"file": "sql/sql_prepare.cc"
},
"id": "CVE-2021-2166-956391da",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "282265357197290812965726598369122592845",
"length": 452.0
}
},
{
"target": {
"file": "sql/sql_class.h"
},
"id": "CVE-2021-2166-9d90e26e",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"line_hashes": [
"25659621010009786125164404455603937145",
"244812572285093701929011865903861410272",
"135505733500033385538611137446985357365",
"329449124570590508714789493975010729205",
"171314629574034887773000597308419181797",
"89764016259477326958381951977404856061",
"334855243505824478683610057194996675696"
],
"threshold": 0.9
}
},
{
"target": {
"file": "sql/sql_show.cc"
},
"id": "CVE-2021-2166-a94f21ff",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"line_hashes": [
"209753238693340880041535547327645207005",
"334070641843918206322074786894599376572",
"316310665983206167860018462332509291806",
"232548721670911873680560609057779397011",
"167208539937498664681683735279208545598",
"199585545327948560623734408763450157132",
"76506685930476968229085867394001919863",
"281172649008171803085776340743584734404"
],
"threshold": 0.9
}
},
{
"target": {
"function": "mysql_test_set_fields",
"file": "sql/sql_prepare.cc"
},
"id": "CVE-2021-2166-f4163153",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"function_hash": "194805658341721684859143128259654138627",
"length": 499.0
}
},
{
"target": {
"file": "sql/sql_prepare.cc"
},
"id": "CVE-2021-2166-f9d6bd0f",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
"digest": {
"line_hashes": [
"225110962163697236869617512016214378999",
"271803788401245016054311266015887247976",
"114628426084200241910127751388202670921",
"42628445176351403523529725694633223320",
"101225470818017190287972083985866998692",
"50089665062729635219130237219008110524",
"133595521131707003650803866502738985173",
"223516217828469003607440062498462692971",
"142072693006293248333500908379946308505",
"30545965552448550597052659314849753491",
"88667210771268085064696118079338461125",
"126625423290341858471048495625847257641",
"163916659944676181836255996539400582964",
"62126678808852359200323133039533474712",
"8645302836542464987474811482763832914",
"273608608288985838897703698112404943796"
],
"threshold": 0.9
}
}
]