VDB
GCVE-110-CERTCC-2021-567764
GCVE-110-CERTCC-2021-567764
Advisory Published
### Overview
MySQL for Windows contains a privilege escalation vulnerability due to the use of an `OPENSSLDIR` variable that specifies a location where an unprivileged Windows user can create files.
### Description
**CVE-2021-2307**
MySQL includes an OpenSSL component that specifies an `OPENSSLDIR` variable as a subdirectory of `/build_area/`. On the Windows platform, this path is interpreted as `C:\build_area`. MySQL contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted `openssl.cnf` file to achieve arbitrary code execution with SYSTEM privileges.
### Impact
By placing a specially-crafted `openssl.cnf` in a `C:\build_area` subdirectory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable MySQL software installed.
### Solution
#### Apply an update
This vulnerability is [addressed](https://www.oracle.com/security-alerts/cpuapr2021.html) in the MySQL Windows installer version 8.0.24 and 5.7.34.
#### Create a C:\build_area directory
In cases where an update cannot be installed, this vulnerability can be mitigated by creating a `C:\build_area` directory and restricting ACLs to prevent unprivileged users from being able to write to this location.
### Acknowledgements
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Aliases
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.