CVE-2021-35558 Overview
CVE-2021-35558 is a denial of service vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability allows an authenticated attacker with low privileges to cause a partial denial of service condition in affected database deployments. The vulnerability is easily exploitable and requires only network access via Oracle Net protocol along with minimal privileges (Create Table privilege) to execute.
Critical Impact
Authenticated attackers can disrupt database availability by exploiting this Core RDBMS vulnerability, potentially causing service interruptions for dependent applications and business operations.
Affected Products
- Oracle Database 12.1.0.2
- Oracle Database 12.2.0.1
- Oracle Database 19c
- Oracle Database 21c
Discovery Timeline
- 2021-10-20 - CVE-2021-35558 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-35558
Vulnerability Analysis
This vulnerability exists within the Core RDBMS component of Oracle Database Server, which is responsible for fundamental database operations. The flaw enables a low-privileged attacker who possesses the Create Table privilege to impact database availability through network-based attacks. The exploitation does not require user interaction and can be conducted remotely via the Oracle Net protocol.
The vulnerability's impact is limited to availability, with no effect on confidentiality or integrity of the database system. While the denial of service is characterized as "partial," it could still result in degraded performance or temporary unavailability of database services that organizations depend upon for critical business functions.
Root Cause
The vulnerability stems from improper handling within the Core RDBMS component when processing certain operations from authenticated users with Create Table privileges. Oracle has not disclosed specific technical details about the root cause, classifying it under NVD-CWE-noinfo. The flaw allows resource exhaustion or disruption scenarios that affect database availability without compromising data confidentiality or integrity.
Attack Vector
The attack vector for CVE-2021-35558 is network-based, requiring the attacker to have:
- Network access to the Oracle Database Server via Oracle Net protocol
- Valid database credentials with at least Create Table privilege
- No user interaction from any other party is required to execute the attack
The exploitation complexity is low, meaning the attacker does not need sophisticated techniques or specialized conditions to successfully trigger the vulnerability. An attacker positioned within the network or with remote access to the database listener port can leverage their Create Table privileges to initiate the denial of service condition.
Since no verified code examples are available for this vulnerability, the specific exploitation mechanism has not been publicly documented. Organizations should refer to the Oracle Critical Patch Update Advisory for technical guidance.
Detection Methods for CVE-2021-35558
Indicators of Compromise
- Unusual database performance degradation or partial service outages without obvious infrastructure causes
- Abnormal activity patterns from accounts with Create Table privileges
- Increased Oracle Net connection attempts or unusual query patterns targeting Core RDBMS functionality
- Database alert logs showing repeated errors or resource exhaustion warnings
Detection Strategies
- Monitor Oracle Database audit logs for suspicious Create Table operations from low-privileged accounts
- Implement database activity monitoring (DAM) solutions to detect anomalous behavior patterns
- Configure Oracle Database Fine-Grained Auditing (FGA) to track privilege usage
- Deploy network monitoring to identify unusual Oracle Net protocol traffic patterns
Monitoring Recommendations
- Enable comprehensive auditing on Oracle Database instances for privilege-based operations
- Set up alerting thresholds for database availability metrics to detect partial DoS conditions
- Monitor resource utilization trends on database servers to identify early signs of exploitation
- Review Oracle listener logs for unusual connection patterns or repeated access attempts
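The strategies above call for auditing CREATE TABLE usage and alerting on abnormal patterns from privileged accounts. The following is an added example, not code from the original page or from Oracle, showing one way to do both with unified auditing: an audit policy that records every CREATE TABLE statement, and a threshold query over UNIFIED_AUDIT_TRAIL that surfaces accounts issuing an unusual number of such statements, or an unusual number of failing ones, in any one-hour window. It assumes Oracle Database 12c or later with unified auditing available, a session holding AUDIT_ADMIN (for the policy statements) and AUDIT_VIEWER (for the query); the policy name, the excluded account APP_OWNER and the thresholds of 20 statements and 5 failures per hour are constructed values to be tuned to the environment's own baseline.

```sql
-- Added example (not from the original page or Oracle). Assumes unified auditing
-- (12c+), AUDIT_ADMIN for the policy, AUDIT_VIEWER for the query. Policy name,
-- APP_OWNER and the numeric thresholds are constructed placeholders.

-- 1. Record every CREATE TABLE statement, successful or failing, for all users
--    except the one application owner that legitimately creates tables.
CREATE AUDIT POLICY create_table_watch
  ACTIONS CREATE TABLE;
AUDIT POLICY create_table_watch EXCEPT app_owner;

-- 2. Flag accounts with an unusual volume of CREATE TABLE statements per hour.
--    Failed statements (RETURN_CODE <> 0) are counted separately: an attempt to
--    trigger a DoS in a DDL code path may error out rather than succeed, so a
--    burst of failures is itself a signal worth reviewing.
SELECT dbusername,
       userhost,
       client_program_name,
       TRUNC(event_timestamp, 'HH')                       AS hour_bucket,
       COUNT(*)                                           AS create_table_stmts,
       SUM(CASE WHEN return_code <> 0 THEN 1 ELSE 0 END)  AS failed_stmts
FROM   unified_audit_trail
WHERE  action_name = 'CREATE TABLE'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY dbusername, userhost, client_program_name, TRUNC(event_timestamp, 'HH')
HAVING COUNT(*) > 20
    OR SUM(CASE WHEN return_code <> 0 THEN 1 ELSE 0 END) > 5
ORDER  BY hour_bucket DESC, create_table_stmts DESC;
```

Two caveats a practitioner would want: on 12.1, unified audit records are queued in memory by default, so run DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL before querying if recent activity seems to be missing; and a high count from a single account is only meaningful relative to that account's normal behaviour, so the thresholds should be derived from a baseline rather than copied as-is.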
How to Mitigate CVE-2021-35558
Immediate Actions Required
- Apply the Oracle Critical Patch Update (CPU) from October 2021 immediately
- Audit all accounts with Create Table privileges and remove unnecessary access
- Restrict network access to Oracle Database listener ports using firewall rules
- Implement principle of least privilege for database user accounts
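The "audit all accounts with Create Table privileges" step is easy to get wrong if only direct grants in DBA_SYS_PRIVS are checked, because the privilege can arrive through a role, or a role granted to a role (the built-in RESOURCE role, for instance, carries CREATE TABLE). The following added example, not code from the original page or from Oracle, resolves the full role chain for every non-Oracle-maintained account, checks for a grant to PUBLIC, and shows the revoke for an account found not to need it. It assumes Oracle Database 12c or later (for DBA_USERS.ORACLE_MAINTAINED and recursive subquery factoring) and a session with SELECT_CATALOG_ROLE; the account name reporting_reader in the REVOKE is a constructed placeholder.

```sql
-- Added example (not from the original page or Oracle). Assumes 12c+ and
-- SELECT_CATALOG_ROLE. reporting_reader is a constructed placeholder account.

-- Every user holding CREATE TABLE, directly or through any chain of roles,
-- with the grant path that leads to it (user -> role -> ... -> direct holder).
WITH privilege_holders (grantee, grant_path, lvl) AS (
  -- Anchor: users and roles that hold CREATE TABLE as a direct grant
  SELECT grantee,
         CAST(grantee AS VARCHAR2(4000)),
         1
  FROM   dba_sys_privs
  WHERE  privilege = 'CREATE TABLE'
  UNION ALL
  -- Recursive step: anyone granted a role that (transitively) holds it
  SELECT rp.grantee,
         CAST(rp.grantee || ' -> ' || ph.grant_path AS VARCHAR2(4000)),
         ph.lvl + 1
  FROM   dba_role_privs rp
  JOIN   privilege_holders ph ON rp.granted_role = ph.grantee
  WHERE  ph.lvl < 10   -- depth guard for unusually deep role hierarchies
)
SELECT ph.grantee        AS username,
       ph.grant_path,
       u.account_status,
       u.profile
FROM   privilege_holders ph
JOIN   dba_users u ON u.username = ph.grantee
WHERE  u.oracle_maintained = 'N'      -- skip Oracle-supplied accounts
ORDER  BY ph.grantee, ph.lvl;

-- A grant to PUBLIC hands the privilege to every account; this should return no rows.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
AND    privilege = 'CREATE TABLE';

-- Remove the privilege from an account that does not need it (placeholder name).
-- If the privilege comes via a role, revoke the role from the user instead, or
-- move the user to a narrower role.
REVOKE CREATE TABLE FROM reporting_reader;
```

Run the first query before and after the cleanup and keep the output as evidence for the change ticket; the grant_path column makes it obvious whether the fix is a direct REVOKE or a role membership change.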
Patch Information
Oracle addressed this vulnerability in the October 2021 Critical Patch Update. Organizations should apply the relevant patch for their Oracle Database version:
- Oracle Database 12.1.0.2: Apply October 2021 CPU patch
- Oracle Database 12.2.0.1: Apply October 2021 CPU patch
- Oracle Database 19c: Apply October 2021 CPU patch
- Oracle Database 21c: Apply October 2021 CPU patch
Detailed patch information is available in the Oracle Critical Patch Update Advisory.
Workarounds
- Review and restrict Create Table privileges to only essential database users
- Implement network segmentation to limit exposure of Oracle Database listener ports
- Enable Oracle Database Vault to add additional access controls around privileged operations
- Consider implementing Oracle Connection Manager to add an additional layer of connection filtering
-- Configuration example: audit CREATE TABLE privilege usage (run as a DBA in SQL*Plus)
-- Enable traditional auditing for CREATE TABLE statements, one audit record per statement.
-- Records are written only while the AUDIT_TRAIL initialization parameter is not NONE.
AUDIT CREATE TABLE BY ACCESS;
-- Review users and roles holding the CREATE TABLE system privilege as a direct grant
SELECT grantee, privilege FROM dba_sys_privs WHERE privilege = 'CREATE TABLE';

# Restrict listener access via sqlnet.ora (valid node checking; trusted_host1/2 are placeholders)
# Add to $ORACLE_HOME/network/admin/sqlnet.ora
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (trusted_host1, trusted_host2)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.