CVE-2017-10384

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type: GIT
Repo: https://github.com/mariadb/server
Events: Introduced

776555af021e917ce0d6235386b43ae59fdd5161

Fixed

a346a5613ee7c0b17b0b4ce377659c996ef6bb75

Introduced

9664240c948a92c22ccda0e1f5a420eb776ddcb1

Fixed

c548fb0667ffe71d9387eaec342b1716fc4c9526

Introduced

c235de12ae3723b96944337bd89ad9cc87f21d8f

Fixed

535910ae5f20e36405631030e9c0eb22fe40a7c4

Introduced

f954e4bfae9a9723d33e05e4035e3c5a5e8d43d9

Fixed

d9675a10d5b1494458730367e1b790efc3b03bb7

Affected versions

mariadb-10.*

mariadb-10.0.25

mariadb-10.0.26

mariadb-10.0.27

mariadb-10.0.28

mariadb-10.0.29

mariadb-10.0.30

mariadb-10.0.31

mariadb-10.2.0

mariadb-5.*

mariadb-5.5.49

mariadb-5.5.50

mariadb-5.5.51

mariadb-5.5.52

mariadb-5.5.53

mariadb-5.5.54

mariadb-5.5.55

mariadb-5.5.56

mariadb-5.5.57

mysql-5.*

mysql-5.5.49

mysql-5.5.50

mysql-5.5.51

mysql-5.5.52

mysql-5.5.53

mysql-5.5.54

mysql-5.5.55

mysql-5.5.56

mysql-5.5.57

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-10384.json"

vanir_signatures

[
    {
        "source": "https://github.com/mariadb/server/commit/c548fb0667ffe71d9387eaec342b1716fc4c9526",
        "digest": {
            "length": 1304.0,
            "function_hash": "248046718813765606309068251123658866222"
        },
        "id": "CVE-2017-10384-2311d166",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "sql/sql_derived.cc",
            "function": "mysql_derived_merge_for_insert"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "length": 113.0,
            "function_hash": "207733575314944743011994916251693633306"
        },
        "id": "CVE-2017-10384-264e6224",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "storage/innobase/trx/trx0sys.c",
            "function": "read_wsrep_xid_uuid"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "length": 128.0,
            "function_hash": "17912270747052344099932071279529360294"
        },
        "id": "CVE-2017-10384-57f718c2",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "storage/xtradb/trx/trx0sys.c",
            "function": "read_wsrep_xid_seqno"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "line_hashes": [
                "44717583823469843166464292861032745222",
                "221987487215488691558939893409287295270",
                "298837683405984627665762927827413272156",
                "119630217509188786889188637466056176399",
                "89319367698684999832143161907646444048",
                "234502991052804538377701668909814950168",
                "249828877927996720582997662167697839850",
                "270303829286598141541972434023756266166",
                "235119861540768826158695221323352346864",
                "127206796211017414165207447123965595348",
                "272230015049906878424065815572750062756",
                "37472434444284098758871581490074682434",
                "285328758026587430947447230051443011819",
                "43148283913041525400065106067738948802",
                "161940847772610109224683216588866039508",
                "231189174455993115834418566228238136229",
                "33009832975054451738536869513730224806"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-10384-7e104dbd",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "storage/xtradb/trx/trx0sys.c"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "line_hashes": [
                "44717583823469843166464292861032745222",
                "221987487215488691558939893409287295270",
                "298837683405984627665762927827413272156",
                "119630217509188786889188637466056176399",
                "89319367698684999832143161907646444048",
                "234502991052804538377701668909814950168",
                "249828877927996720582997662167697839850",
                "270303829286598141541972434023756266166",
                "235119861540768826158695221323352346864",
                "127206796211017414165207447123965595348",
                "272230015049906878424065815572750062756",
                "37472434444284098758871581490074682434",
                "285328758026587430947447230051443011819",
                "43148283913041525400065106067738948802",
                "161940847772610109224683216588866039508",
                "231189174455993115834418566228238136229",
                "33009832975054451738536869513730224806"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-10384-88d60d7a",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "storage/innobase/trx/trx0sys.c"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/c548fb0667ffe71d9387eaec342b1716fc4c9526",
        "digest": {
            "line_hashes": [
                "37598745779533050802933831451354240563",
                "148100691799475688462979637583791371574",
                "256714664058405617444146650046350315869",
                "30840251350323357694068166601770960776",
                "122022733530817239314150393063036047891",
                "318300470379782107237051717217085670592",
                "96276598501522749142741981776648661971",
                "74754980952004710391973414329717813170",
                "216173259946383661325751397329790466678"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-10384-8ba756c4",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "sql/sql_derived.cc"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "length": 128.0,
            "function_hash": "17912270747052344099932071279529360294"
        },
        "id": "CVE-2017-10384-9c325dc9",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "storage/innobase/trx/trx0sys.c",
            "function": "read_wsrep_xid_seqno"
        }
    },
    {
        "source": "https://github.com/mariadb/server/commit/d9675a10d5b1494458730367e1b790efc3b03bb7",
        "digest": {
            "length": 113.0,
            "function_hash": "207733575314944743011994916251693633306"
        },
        "id": "CVE-2017-10384-b91127ab",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "storage/xtradb/trx/trx0sys.c",
            "function": "read_wsrep_xid_uuid"
        }
    }
]

Git / github.com/mysql/mysql-server

Affected ranges

Type: GIT
Repo: https://github.com/mysql/mysql-server
Events: Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Fixed

34cd74e52185de2ea3156e8295de3c638cde8c88

Affected versions

mysql-5.*

mysql-5.0.87sp1

mysql-5.0.90

mysql-5.0.91

mysql-5.0.92

mysql-5.0.93

mysql-5.0.94

mysql-5.0.95

mysql-5.0.96

mysql-5.1.40sp1

mysql-5.1.41

mysql-5.1.42

mysql-5.1.43

mysql-5.1.43sp1

mysql-5.1.44

mysql-5.1.45

mysql-5.1.46

mysql-5.1.46sp1

mysql-5.1.47

mysql-5.1.48

mysql-5.1.49

mysql-5.1.49sp1

mysql-5.1.50

mysql-5.1.51

mysql-5.1.52

mysql-5.1.52sp1

mysql-5.1.53

mysql-5.1.54

mysql-5.1.55

mysql-5.1.56

mysql-5.1.57

mysql-5.1.58

mysql-5.1.59

mysql-5.1.60

mysql-5.1.61

mysql-5.1.62

mysql-5.1.63

mysql-5.1.65

mysql-5.1.66

mysql-5.1.67

mysql-5.1.68

mysql-5.1.69

mysql-5.1.69-retag

mysql-5.1.70

mysql-5.1.71

mysql-5.1.72

mysql-5.1.73

mysql-5.1.74

mysql-5.1.75

mysql-5.1.76

mysql-5.1.77

mysql-5.5.0

mysql-5.5.1-m2

mysql-5.5.10

mysql-5.5.11

mysql-5.5.12

mysql-5.5.13

mysql-5.5.14

mysql-5.5.15

mysql-5.5.16

mysql-5.5.17

mysql-5.5.18

mysql-5.5.19

mysql-5.5.2-m2

mysql-5.5.20

mysql-5.5.21

mysql-5.5.22

mysql-5.5.23

mysql-5.5.24

mysql-5.5.25

mysql-5.5.25a

mysql-5.5.27

mysql-5.5.28

mysql-5.5.29

mysql-5.5.3-m3

mysql-5.5.30

mysql-5.5.31

mysql-5.5.32

mysql-5.5.33

mysql-5.5.34

mysql-5.5.35

mysql-5.5.36

mysql-5.5.37

mysql-5.5.38

mysql-5.5.39

mysql-5.5.40

mysql-5.5.41

mysql-5.5.42

mysql-5.5.43

mysql-5.5.44

mysql-5.5.45

mysql-5.5.46

mysql-5.5.47

mysql-5.5.48

mysql-5.5.49

mysql-5.5.5-m3

mysql-5.5.50

mysql-5.5.51

mysql-5.5.52

mysql-5.5.53

mysql-5.5.54

mysql-5.5.55

mysql-5.5.56

mysql-5.5.6-rc

mysql-5.5.7

mysql-5.5.8

mysql-5.5.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-10384.json"