CVE-2017-3302

HIGH

Oracle MySQL < 5.6.21 and 5.7.x < 5.7.5 - Use-After-Free in libmysqlclient.so

Title source: llm
STIX 2.1

Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96162
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038287
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0574
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0279
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3834
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3809
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2017/02/11/11
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2192

Scores

CVSS v3 7.5
EPSS 0.0250
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (13)
debian/debian_linux 8.0
mariadb/mariadb < 5.5.54
oracle/mysql 5.6.0 - 5.6.21
Oracle Corporation/MySQL Server 5.5.54 and earlier
Oracle Corporation/MySQL Server 5.6.20 and earlier
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
redhat/enterprise_linux_server_eus 7.4
... and 3 more
Published Feb 12, 2017
Tracked Since Feb 18, 2026