CVE-2017-3302

high

Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

References

http://www.debian.org/security/2017/dsa-3809

http://www.debian.org/security/2017/dsa-3834

http://www.openwall.com/lists/oss-security/2017/02/11/11

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/96162

http://www.securitytracker.com/id/1038287

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

Details

Source: MITRE

Published: 2017-02-12

Updated: 2019-10-03

Type: CWE-416

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 125007 | EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554) | Nessus | Huawei Local Security Checks | high |
| 105077 | MariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities | Nessus | Databases | high |
| 103008 | EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170) | Nessus | Huawei Local Security Checks | high |
| 103007 | EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169) | Nessus | Huawei Local Security Checks | high |
| 102755 | CentOS 7 : mariadb (CESA-2017:2192) | Nessus | CentOS Local Security Checks | high |
| 102648 | Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801) | Nessus | Scientific Linux Local Security Checks | high |
| 102299 | Oracle Linux 7 : mariadb (ELSA-2017-2192) | Nessus | Oracle Linux Local Security Checks | high |
| 102152 | RHEL 7 : mariadb (RHSA-2017:2192) | Nessus | Red Hat Local Security Checks | high |
| 100611 | openSUSE Security Update : mariadb (openSUSE-2017-644) | Nessus | SuSE Local Security Checks | high |
| 100245 | SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:1315-1) | Nessus | SuSE Local Security Checks | high |
| 100242 | SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:1311-1) | Nessus | SuSE Local Security Checks | high |
| 100039 | openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle) | Nessus | SuSE Local Security Checks | high |
| 99760 | SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle) | Nessus | SuSE Local Security Checks | high |
| 99723 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle) | Nessus | Ubuntu Local Security Checks | high |
| 99675 | Debian DSA-3834-1 : mysql-5.5 - security update (Riddle) | Nessus | Debian Local Security Checks | high |
| 99673 | Debian DLA-916-1 : mysql-5.5 security update (Riddle) | Nessus | Debian Local Security Checks | high |
| 99670 | MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities | Nessus | Databases | medium |
| 99515 | MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle) | Nessus | Databases | medium |
| 99514 | MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle) | Nessus | Databases | medium |
| 99511 | MySQL 5.6.x < 5.6.20 client.c mysql_prune_stmt_list() Function DoS (April 2017 CPU) | Nessus | Databases | high |
| 99510 | MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle) | Nessus | Databases | medium |
| 99034 | Slackware 14.2 / current : mariadb (SSA:2017-087-01) | Nessus | Slackware Local Security Checks | high |
| 97810 | FreeBSD : mysql -- denial of service vulnerability (7c27192f-0bc3-11e7-9940-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | high |
| 97757 | Debian DSA-3809-1 : mariadb-10.0 - security update | Nessus | Debian Local Security Checks | high |