Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Mariadb
  • Mariadb
Oracle
  • Mysql
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Openstack
  • Rhel Software Collections

Configuration 1 [-]

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
mariadb-1:5.5.60-1.el7_5 cpe:/o:redhat:enterprise_linux:7 RHSA-2018:2439 2018-08-16T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6
rh-mysql56-mysql-0:5.6.37-5.el6 cpe:/a:redhat:rhel_software_collections:2::el6 RHSA-2017:2787 2017-09-21T00:00:00Z
rh-mysql57-mysql-0:5.7.19-6.el6 cpe:/a:redhat:rhel_software_collections:2::el6 RHSA-2017:2886 2017-10-12T00:00:00Z
rh-mariadb100-mariadb-1:10.0.33-3.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0279 2018-02-06T00:00:00Z
rh-mariadb101-galera-0:25.3.12-12.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0574 2018-03-21T00:00:00Z
rh-mariadb101-mariadb-1:10.1.29-3.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0574 2018-03-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
rh-mysql56-mysql-0:5.6.37-5.el6 cpe:/a:redhat:rhel_software_collections:2::el6 RHSA-2017:2787 2017-09-21T00:00:00Z
rh-mysql57-mysql-0:5.7.19-6.el6 cpe:/a:redhat:rhel_software_collections:2::el6 RHSA-2017:2886 2017-10-12T00:00:00Z
rh-mariadb100-mariadb-1:10.0.33-3.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0279 2018-02-06T00:00:00Z
rh-mariadb101-galera-0:25.3.12-12.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0574 2018-03-21T00:00:00Z
rh-mariadb101-mariadb-1:10.1.29-3.el6 cpe:/a:redhat:rhel_software_collections:3::el6 RHSA-2018:0574 2018-03-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-mysql56-mysql-0:5.6.37-5.el7 cpe:/a:redhat:rhel_software_collections:2::el7 RHSA-2017:2787 2017-09-21T00:00:00Z
rh-mysql57-mysql-0:5.7.19-6.el7 cpe:/a:redhat:rhel_software_collections:2::el7 RHSA-2017:2886 2017-10-12T00:00:00Z
rh-mariadb100-mariadb-1:10.0.33-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0279 2018-02-06T00:00:00Z
rh-mariadb101-galera-0:25.3.12-12.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
rh-mariadb101-mariadb-1:10.1.29-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
rh-mysql56-mysql-0:5.6.37-5.el7 cpe:/a:redhat:rhel_software_collections:2::el7 RHSA-2017:2787 2017-09-21T00:00:00Z
rh-mysql57-mysql-0:5.7.19-6.el7 cpe:/a:redhat:rhel_software_collections:2::el7 RHSA-2017:2886 2017-10-12T00:00:00Z
rh-mariadb100-mariadb-1:10.0.33-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0279 2018-02-06T00:00:00Z
rh-mariadb101-galera-0:25.3.12-12.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
rh-mariadb101-mariadb-1:10.1.29-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
rh-mariadb100-mariadb-1:10.0.33-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0279 2018-02-06T00:00:00Z
rh-mariadb101-galera-0:25.3.12-12.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
rh-mariadb101-mariadb-1:10.1.29-3.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2018:0574 2018-03-21T00:00:00Z
References
Link Providers
http://www.debian.org/security/2017/dsa-3922 cve-icon cve-icon
http://www.debian.org/security/2017/dsa-3944 cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL cve-icon
http://www.securityfocus.com/bid/99767 cve-icon cve-icon
http://www.securitytracker.com/id/1038928 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2787 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2886 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0279 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0574 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2439 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2729 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-3641 cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-3641 cve-icon
https://www.debian.org/security/2017/dsa-3955 cve-icon cve-icon
History

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2017-08-08T15:00:00

Updated: 2024-10-04T17:02:28.358Z

Reserved: 2016-12-06T00:00:00

Link: CVE-2017-3641

cve-icon Vulnrichment

Updated: 2024-08-05T14:30:58.980Z

cve-icon NVD

Status : Analyzed

Published: 2017-08-08T15:29:08.337

Modified: 2022-10-28T19:26:33.860

Link: CVE-2017-3641

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-07-19T00:00:00Z

Links: CVE-2017-3641 - Bugzilla