CVE-2017-3318

CVE-2017-3318

Name

CVE-2017-3318

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://www.debian.org/security/2017/dsa-3767
Third Party Advisory	http://www.debian.org/security/2017/dsa-3770
Patch	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
Third Party Advisory	http://www.securityfocus.com/bid/95588
Broken Link	http://www.securitytracker.com/id/1037640
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:2192
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:2787
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:2886
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:0279
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:0574
Third Party Advisory	https://security.gentoo.org/glsa/201702-17
Third Party Advisory	https://security.gentoo.org/glsa/201702-18

Type

URI

Third Party Advisory

http://www.debian.org/security/2017/dsa-3767

Third Party Advisory

http://www.debian.org/security/2017/dsa-3770

Patch

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Third Party Advisory

http://www.securityfocus.com/bid/95588

Broken Link

http://www.securitytracker.com/id/1037640

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2192

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2787

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2886

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0279

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0574

Third Party Advisory

https://security.gentoo.org/glsa/201702-17

Third Party Advisory

https://security.gentoo.org/glsa/201702-18

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:oracle:mysql::::::::`	mysql	>= 5.5.0	<= 5.5.53
`cpe:2.3:a:oracle:mysql::::::::`	mysql	>= 5.6.0	<= 5.6.34
`cpe:2.3:a:oracle:mysql::::::::`	mysql	>= 5.7.0	<= 5.7.16

CPE URI

Source package

Min version

Max version

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

mysql

>= 5.5.0

<= 5.5.53

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

mysql

>= 5.6.0

<= 5.6.34

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

mysql

>= 5.7.0

<= 5.7.16

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
mariadb	edge-main	10.1.21-r0	None	fixed
mariadb	3.22-main	10.1.21-r0	None	fixed
mariadb	3.21-main	10.1.21-r0	None	fixed
mariadb	3.20-main	10.1.21-r0	None	fixed
mariadb	3.19-main	10.1.21-r0	None	fixed
mariadb	3.18-main	10.1.21-r0	None	fixed
mariadb	3.17-main	10.1.21-r0	None	fixed
mariadb	3.12-main	10.1.21-r0	None	fixed
mariadb	3.11-main	10.1.21-r0	None	fixed
mariadb	3.10-main	10.1.21-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

mariadb

edge-main

10.1.21-r0

None

fixed

mariadb

3.22-main