CVE-2021-2166

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-2166
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-2166.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-2166
Aliases
Downstream
Related
Published
2021-04-22T22:15:13Z
Modified
2025-10-15T12:57:19.368055Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events

Affected versions

mariadb-10.*

mariadb-10.0.25
mariadb-10.0.26
mariadb-10.0.27
mariadb-10.0.28
mariadb-10.0.29
mariadb-10.0.30
mariadb-10.0.31
mariadb-10.0.32
mariadb-10.0.33
mariadb-10.0.34
mariadb-10.0.35
mariadb-10.0.36
mariadb-10.0.37
mariadb-10.0.38
mariadb-10.1.14
mariadb-10.1.15
mariadb-10.1.16
mariadb-10.1.17
mariadb-10.1.18
mariadb-10.1.19
mariadb-10.1.20
mariadb-10.1.21
mariadb-10.1.22
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.36
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.40
mariadb-10.1.41
mariadb-10.1.42
mariadb-10.1.43
mariadb-10.1.44
mariadb-10.1.45
mariadb-10.1.46
mariadb-10.1.47
mariadb-10.2.0
mariadb-10.2.1
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.17
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.2
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.3
mariadb-10.2.30
mariadb-10.2.31
mariadb-10.2.32
mariadb-10.2.33
mariadb-10.2.34
mariadb-10.2.35
mariadb-10.2.36
mariadb-10.2.37
mariadb-10.2.4
mariadb-10.2.5
mariadb-10.2.6
mariadb-10.2.7
mariadb-10.2.8
mariadb-10.2.9

mariadb-5.*

mariadb-5.5.49
mariadb-5.5.50
mariadb-5.5.51
mariadb-5.5.52
mariadb-5.5.53
mariadb-5.5.54
mariadb-5.5.55
mariadb-5.5.56
mariadb-5.5.57
mariadb-5.5.58
mariadb-5.5.59
mariadb-5.5.60
mariadb-5.5.61
mariadb-5.5.62
mariadb-5.5.63
mariadb-5.5.64
mariadb-5.5.65
mariadb-5.5.66
mariadb-5.5.67
mariadb-5.5.68

mariadb-galera-10.*

mariadb-galera-10.0.25
mariadb-galera-10.0.26
mariadb-galera-10.0.27
mariadb-galera-10.0.28
mariadb-galera-10.0.29
mariadb-galera-10.0.30
mariadb-galera-10.0.31
mariadb-galera-10.0.32
mariadb-galera-10.0.33
mariadb-galera-10.0.34
mariadb-galera-10.0.35
mariadb-galera-10.0.36
mariadb-galera-10.0.37

mariadb-galera-5.*

mariadb-galera-5.5.49
mariadb-galera-5.5.50
mariadb-galera-5.5.51
mariadb-galera-5.5.52
mariadb-galera-5.5.53
mariadb-galera-5.5.54
mariadb-galera-5.5.55
mariadb-galera-5.5.56
mariadb-galera-5.5.57
mariadb-galera-5.5.58
mariadb-galera-5.5.59
mariadb-galera-5.5.60
mariadb-galera-5.5.61
mariadb-galera-5.5.62

mysql-5.*

mysql-5.5.49
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-05c7814c",
        "target": {
            "file": "sql/sql_prepare.cc",
            "function": "mysql_test_select"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "322128387529780625592402890608648572913",
            "length": 1382.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-0b79189e",
        "target": {
            "file": "sql/sql_derived.cc"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "line_hashes": [
                "8376308921794643741701672030968664939",
                "232938431702890569967529964990510805858",
                "156935383331326070759284374582573215374",
                "319188585465869426447694675742810284314",
                "195978959015672643546896046468512073720",
                "186914805573621586770799268670423495601",
                "184098504852850448733505618452706751503",
                "257019084214720884159526716952479552926",
                "208522982103125932622770522087140256483",
                "161126447642095895822482869837686626840",
                "260399343256022085728421119837455812260",
                "86974682356935820809437566681831043391",
                "323198554721651991414320781385521082385",
                "73073261068670371719770287508748727990",
                "328274921891070475929777568712471794870",
                "134715197553679507358974418074540409098",
                "161102368812016543595319424570300176101",
                "193581079227660862907858489419856964303",
                "9625058991100069502652877227768933890"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-192da221",
        "target": {
            "file": "sql/sql_base.cc"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "line_hashes": [
                "168544384147256645351056743036618817406",
                "50451342659074436417376011823148259476",
                "186318101579849850461204891639931981521",
                "218390225894619315967716500252344584557"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-319b8344",
        "target": {
            "file": "sql/sql_derived.cc",
            "function": "mysql_handle_single_derived"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "94106374924971372826460142161729586423",
            "length": 913.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-362ca9d2",
        "target": {
            "file": "sql/sql_base.cc",
            "function": "open_normal_and_derived_tables"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "294940075262138667602358936354965008942",
            "length": 597.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-38cdab29",
        "target": {
            "file": "sql/sql_prepare.cc",
            "function": "mysql_test_create_table"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "235753819923495502702942664180535283210",
            "length": 942.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-7b0b2027",
        "target": {
            "file": "sql/sql_show.cc",
            "function": "fill_schema_table_by_open"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "41437778563358113259307207121800751509",
            "length": 2225.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-81fce179",
        "target": {
            "file": "sql/sql_derived.cc",
            "function": "mysql_handle_derived"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "101931646880406494030966935605892683304",
            "length": 1479.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-8df0282a",
        "target": {
            "file": "sql/sql_show.cc",
            "function": "mysqld_list_fields"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "146040710720366585580707197404632625234",
            "length": 1000.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-956391da",
        "target": {
            "file": "sql/sql_prepare.cc",
            "function": "mysql_test_do_fields"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "282265357197290812965726598369122592845",
            "length": 452.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-9d90e26e",
        "target": {
            "file": "sql/sql_class.h"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "line_hashes": [
                "25659621010009786125164404455603937145",
                "244812572285093701929011865903861410272",
                "135505733500033385538611137446985357365",
                "329449124570590508714789493975010729205",
                "171314629574034887773000597308419181797",
                "89764016259477326958381951977404856061",
                "334855243505824478683610057194996675696"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-a94f21ff",
        "target": {
            "file": "sql/sql_show.cc"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "line_hashes": [
                "209753238693340880041535547327645207005",
                "334070641843918206322074786894599376572",
                "316310665983206167860018462332509291806",
                "232548721670911873680560609057779397011",
                "167208539937498664681683735279208545598",
                "199585545327948560623734408763450157132",
                "76506685930476968229085867394001919863",
                "281172649008171803085776340743584734404"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-f4163153",
        "target": {
            "file": "sql/sql_prepare.cc",
            "function": "mysql_test_set_fields"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "function_hash": "194805658341721684859143128259654138627",
            "length": 499.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2021-2166-f9d6bd0f",
        "target": {
            "file": "sql/sql_prepare.cc"
        },
        "source": "https://github.com/mariadb/server/commit/a20195bba5ff695b8c00b8b3f57edced3c1108a6",
        "digest": {
            "line_hashes": [
                "225110962163697236869617512016214378999",
                "271803788401245016054311266015887247976",
                "114628426084200241910127751388202670921",
                "42628445176351403523529725694633223320",
                "101225470818017190287972083985866998692",
                "50089665062729635219130237219008110524",
                "133595521131707003650803866502738985173",
                "223516217828469003607440062498462692971",
                "142072693006293248333500908379946308505",
                "30545965552448550597052659314849753491",
                "88667210771268085064696118079338461125",
                "126625423290341858471048495625847257641",
                "163916659944676181836255996539400582964",
                "62126678808852359200323133039533474712",
                "8645302836542464987474811482763832914",
                "273608608288985838897703698112404943796"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false
    }
]