CVE-2017-3257

Published: Jan 27, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Affected (6)

Products: Oracle: Mysql · Mariadb: Mariadb · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql	From 5.6.0 to 5.6.34
Oracle Mysql	From 5.7.0 to 5.7.16

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.0.0 to 10.0.29
Mariadb Mariadb	From 10.1.0 to 10.1.21
Mariadb Mariadb	From 10.2.0 to 10.2.8

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (20)

http://www.debian.org/security/2017/dsa-3770

Source: secalert_us@oracle.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/95589

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037640

Source: secalert_us@oracle.com

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2787

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2886

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0279

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0574

Source: secalert_us@oracle.com

Third Party Advisory

https://security.gentoo.org/glsa/201702-17

Source: secalert_us@oracle.com

Third Party Advisory

https://security.gentoo.org/glsa/201702-18

Source: secalert_us@oracle.com

Third Party Advisory

http://www.debian.org/security/2017/dsa-3770

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/95589

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037640

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2787

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0279

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0574

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201702-17

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201702-18

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.