CVE-2017-3302

MEDIUM

Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

References

http://www.debian.org/security/2017/dsa-3809

http://www.debian.org/security/2017/dsa-3834

http://www.openwall.com/lists/oss-security/2017/02/11/11

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/96162

http://www.securitytracker.com/id/1038287

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

Details

Source: MITRE

Published: 2017-02-12

Updated: 2019-10-03

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions up to 5.5.54 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.0.0 to 10.0.29 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.1.0 to 10.1.21 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 10.2.0 to 10.2.3 (inclusive)

Configuration 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
125007	EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)	Nessus	Huawei Local Security Checks	high
105077	MariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities	Nessus	Databases	medium
103008	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)	Nessus	Huawei Local Security Checks	medium
103007	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)	Nessus	Huawei Local Security Checks	medium
102755	CentOS 7 : mariadb (CESA-2017:2192)	Nessus	CentOS Local Security Checks	medium
102648	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801)	Nessus	Scientific Linux Local Security Checks	medium
102299	Oracle Linux 7 : mariadb (ELSA-2017-2192)	Nessus	Oracle Linux Local Security Checks	medium
102152	RHEL 7 : mariadb (RHSA-2017:2192)	Nessus	Red Hat Local Security Checks	medium
100611	openSUSE Security Update : mariadb (openSUSE-2017-644)	Nessus	SuSE Local Security Checks	medium
100245	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:1315-1)	Nessus	SuSE Local Security Checks	medium
100242	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:1311-1)	Nessus	SuSE Local Security Checks	medium
100039	openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle)	Nessus	SuSE Local Security Checks	high
99760	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)	Nessus	SuSE Local Security Checks	medium
99723	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle)	Nessus	Ubuntu Local Security Checks	high
99675	Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)	Nessus	Debian Local Security Checks	medium
99673	Debian DLA-916-1 : mysql-5.5 security update (Riddle)	Nessus	Debian Local Security Checks	medium
99670	MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities	Nessus	Databases	medium
99515	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99514	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99511	MySQL 5.6.x < 5.6.20 client.c mysql_prune_stmt_list() Function DoS (April 2017 CPU)	Nessus	Databases	medium
99510	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99034	Slackware 14.2 / current : mariadb (SSA:2017-087-01)	Nessus	Slackware Local Security Checks	medium
97810	FreeBSD : mysql -- denial of service vulnerability (7c27192f-0bc3-11e7-9940-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
97757	Debian DSA-3809-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium