{"containers": {"cna": {"affected": [{"product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "5.5.54 and earlier"}, {"status": "affected", "version": "5.6.20 and earlier"}]}], "datePublic": "2017-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-22T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "96162", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96162"}, {"name": "RHSA-2017:2787", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2787"}, {"name": "1038287", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038287"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "RHSA-2018:0574", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0574"}, {"name": "RHSA-2018:0279", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0279"}, {"name": "DSA-3834", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3834"}, {"name": "DSA-3809", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3809"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11"}, {"name": "RHSA-2017:2192", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2192"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MySQL Server", "version": {"version_data": [{"version_affected": "=", "version_value": "5.5.54 and earlier"}, {"version_affected": "=", "version_value": "5.6.20 and earlier"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."}]}]}, "references": {"reference_data": [{"name": "96162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96162"}, {"name": "RHSA-2017:2787", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2787"}, {"name": "1038287", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038287"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "RHSA-2018:0574", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0574"}, {"name": "RHSA-2018:0279", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0279"}, {"name": "DSA-3834", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3834"}, {"name": "DSA-3809", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3809"}, {"name": "http://www.openwall.com/lists/oss-security/2017/02/11/11", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11"}, {"name": "RHSA-2017:2192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2192"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:23:33.637Z"}, "title": "CVE Program Container", "references": [{"name": "96162", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96162"}, {"name": "RHSA-2017:2787", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2787"}, {"name": "1038287", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038287"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "RHSA-2018:0574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0574"}, {"name": "RHSA-2018:0279", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0279"}, {"name": "DSA-3834", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3834"}, {"name": "DSA-3809", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3809"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11"}, {"name": "RHSA-2017:2192", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2192"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T20:04:48.579501Z", "id": "CVE-2017-3302", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T20:13:36.675Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-3302", "datePublished": "2017-02-12T04:43:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-10-08T20:13:36.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/96162", "name": "96162", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2787", "name": "RHSA-2017:2787", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1038287", "name": "1038287", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0574", "name": "RHSA-2018:0574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0279", "name": "RHSA-2018:0279", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.debian.org/security/2017/dsa-3834", "name": "DSA-3834", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://www.debian.org/security/2017/dsa-3809", "name": "DSA-3809", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/11/11", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2192", "name": "RHSA-2017:2192", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:23:33.637Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-3302", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T20:04:48.579501Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T20:05:15.578Z"}}], "cna": {"affected": [{"vendor": "Oracle Corporation", "product": "MySQL Server", "versions": [{"status": "affected", "version": "5.5.54 and earlier"}, {"status": "affected", "version": "5.6.20 and earlier"}]}], "datePublic": "2017-02-11T00:00:00", "references": [{"url": "http://www.securityfocus.com/bid/96162", "name": "96162", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2787", "name": "RHSA-2017:2787", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securitytracker.com/id/1038287", "name": "1038287", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0574", "name": "RHSA-2018:0574", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0279", "name": "RHSA-2018:0279", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.debian.org/security/2017/dsa-3834", "name": "DSA-3834", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://www.debian.org/security/2017/dsa-3809", "name": "DSA-3809", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/11/11", "tags": ["x_refsource_MISC"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2192", "name": "RHSA-2017:2192", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2018-03-22T09:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "5.5.54 and earlier", "version_affected": "="}, {"version_value": "5.6.20 and earlier", "version_affected": "="}]}, "product_name": "MySQL Server"}]}, "vendor_name": "Oracle Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/96162", "name": "96162", "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2787", "name": "RHSA-2017:2787", "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1038287", "name": "1038287", "refsource": "SECTRACK"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0574", "name": "RHSA-2018:0574", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0279", "name": "RHSA-2018:0279", "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2017/dsa-3834", "name": "DSA-3834", "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2017/dsa-3809", "name": "DSA-3809", "refsource": "DEBIAN"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/11/11", "name": "http://www.openwall.com/lists/oss-security/2017/02/11/11", "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2192", "name": "RHSA-2017:2192", "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-3302", "STATE": "PUBLIC", "ASSIGNER": "secalert_us@oracle.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-3302", "state": "PUBLISHED", "dateUpdated": "2024-10-08T20:13:36.675Z", "dateReserved": "2016-12-06T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2017-02-12T04:43:00", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0C4A1F9-3C06-443E-A34D-743396F8E3C4", "versionEndExcluding": "5.6.21", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF260A4F-5B6A-415B-8857-1EF4B02267EE", "versionEndExcluding": "5.7.5", "versionStartIncluding": "5.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "402A7D46-9168-44F4-9D73-053A68BE6C5E", "versionEndIncluding": "5.5.54", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C08F580-8B61-4AE7-BE14-61B3049DF8EF", "versionEndIncluding": "10.0.29", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5033B0F-346B-45CE-943D-B2FA398FB1A0", "versionEndIncluding": "10.1.21", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD4D6819-4993-40C7-BC41-B8B830385EC2", "versionEndIncluding": "10.2.3", "versionStartIncluding": "10.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."}, {"lang": "es", "value": "Ca\u00edda en libmysqlclient.so en Oracle MySQL en versiones anteriores 5.6.21 y 5.7.x en versiones anteriores 5.7.5 y MariaDB hasta la versi\u00f3n 5.5.54, 10.0.x hasta la versi\u00f3n 10.0.29, 10.1.x hasta la versi\u00f3n 10.1.21 y 10.2.x hasta la versi\u00f3n 10.2.3."}], "id": "CVE-2017-3302", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-12T04:59:00.127", "references": [{"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3809"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3834"}, {"source": "secalert_us@oracle.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96162"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038287"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2192"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2787"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0279"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0574"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2192", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mariadb-1:5.5.56-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2787", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mysql56-mysql-0:5.6.37-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2018:0279", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb100-mariadb-1:10.0.33-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-02-06T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb101-galera-0:25.3.12-12.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb101-mariadb-1:10.1.29-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:2787", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-mysql56-mysql-0:5.6.37-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2018:0279", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb100-mariadb-1:10.0.33-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-02-06T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb101-galera-0:25.3.12-12.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb101-mariadb-1:10.1.29-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:2787", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mysql56-mysql-0:5.6.37-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2018:0279", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb100-mariadb-1:10.0.33-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-02-06T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-galera-0:25.3.12-12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-mariadb-1:10.1.29-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:2787", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-mysql56-mysql-0:5.6.37-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2018:0279", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb100-mariadb-1:10.0.33-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-02-06T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-galera-0:25.3.12-12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-mariadb-1:10.1.29-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0279", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb100-mariadb-1:10.0.33-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-02-06T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-galera-0:25.3.12-12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-03-21T00:00:00Z"}, {"advisory": "RHSA-2018:0574", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb101-mariadb-1:10.1.29-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-03-21T00:00:00Z"}], "bugzilla": {"description": "mysql: prepared statement handle use-after-free after disconnect", "id": "1422119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422119"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", "A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient."], "name": "CVE-2017-3302", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "mysql55-mysql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-mysql57-mysql", "product_name": "Red Hat Software Collections"}], "public_date": "2017-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-3302\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3302"], "threat_severity": "Low", "upstream_fix": "mariadb 10.0.30, mariadb 10.1.22, mariadb 10.2.5, mariadb 5.5.55, mysql 5.5.55, mysql 5.6.21, mysql 5.7.5"}