---

CVE-2021-2372 - log back

CVE-2021-2372 edited at 28 Jul 2021 08:40:04
References	- https://mariadb.com/kb/en/security/ + https://mariadb.com/kb/en/mariadb-1064-release-notes/

CVE-2021-2372 edited at 28 Jul 2021 08:37:44
Description	- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. + A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MariaDB server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete denial of service) of the MariaDB server.
References	- https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL + https://mariadb.com/kb/en/security/

CVE-2021-2372 edited at 27 Jul 2021 11:24:42
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
References	+ https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL
Notes

CVE-2021-2372 created at 27 Jul 2021 11:23:44