CVE-2021-2389 - log back

CVE-2021-2389 edited at 28 Jul 2021 08:40:14
References
- https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL
+ https://mariadb.com/kb/en/mariadb-1064-release-notes/
CVE-2021-2389 edited at 28 Jul 2021 08:38:17
Description
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
+ A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise the MariaDB server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete denial of service) of the MariaDB server.
Notes
CVE-2021-2389 edited at 27 Jul 2021 11:25:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
References
+ https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL
CVE-2021-2389 created at 27 Jul 2021 11:23:44