CVE-2017-3302

MEDIUM

Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

References

http://www.debian.org/security/2017/dsa-3809

http://www.debian.org/security/2017/dsa-3834

http://www.openwall.com/lists/oss-security/2017/02/11/11

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/96162

http://www.securitytracker.com/id/1038287

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

Details

Source: MITRE

Published: 2017-02-12

Updated: 2019-10-03

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions up to 5.5.54 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.0.0 to 10.0.29 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.1.0 to 10.1.21 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.2.0 to 10.2.3 (inclusive)

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
125007EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)NessusHuawei Local Security Checks
high
105077MariaDB 10.2.x < 10.2.10 Multiple VulnerabilitiesNessusDatabases
medium
103008EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)NessusHuawei Local Security Checks
medium
103007EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)NessusHuawei Local Security Checks
medium
102755CentOS 7 : mariadb (CESA-2017:2192)NessusCentOS Local Security Checks
medium
102648Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801)NessusScientific Linux Local Security Checks
medium
102299Oracle Linux 7 : mariadb (ELSA-2017-2192)NessusOracle Linux Local Security Checks
medium
102152RHEL 7 : mariadb (RHSA-2017:2192)NessusRed Hat Local Security Checks
medium
100611openSUSE Security Update : mariadb (openSUSE-2017-644)NessusSuSE Local Security Checks
medium
100245SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:1315-1)NessusSuSE Local Security Checks
medium
100242SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:1311-1)NessusSuSE Local Security Checks
medium
100039openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle)NessusSuSE Local Security Checks
high
99760SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)NessusSuSE Local Security Checks
medium
99723Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle)NessusUbuntu Local Security Checks
high
99675Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)NessusDebian Local Security Checks
medium
99673Debian DLA-916-1 : mysql-5.5 security update (Riddle)NessusDebian Local Security Checks
medium
99670MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple VulnerabilitiesNessusDatabases
medium
99515MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)NessusDatabases
medium
99514MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)NessusDatabases
medium
99511MySQL 5.6.x < 5.6.20 client.c mysql_prune_stmt_list() Function DoS (April 2017 CPU)NessusDatabases
medium
99510MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)NessusDatabases
medium
99034Slackware 14.2 / current : mariadb (SSA:2017-087-01)NessusSlackware Local Security Checks
medium
97810FreeBSD : mysql -- denial of service vulnerability (7c27192f-0bc3-11e7-9940-b499baebfeaf)NessusFreeBSD Local Security Checks
medium
97757Debian DSA-3809-1 : mariadb-10.0 - security updateNessusDebian Local Security Checks
medium