CVE-2017-3309

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-3309
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3309.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-3309
Downstream
Related
Published
2017-04-24T19:59:00Z
Modified
2025-09-19T12:26:46.327263Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

References

Affected packages

Alpine:v3.3 / mariadb

Package

Name
mariadb
Purl
pkg:apk/alpine/mariadb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.23-r0

Affected versions

5.*

5.5.41-r0
5.5.41-r1
5.5.41-r2
5.5.42-r0
5.5.42-r1
5.5.42-r2
5.5.42-r3
5.5.42-r4
5.5.43-r0
5.5.43-r1
5.5.43-r2
5.5.43-r3
5.5.43-r4
5.5.43-r5

10.*

10.0.21-r0
10.0.21-r1
10.0.21-r2
10.1.8-r0
10.1.8-r1
10.1.9-r0
10.1.9-r1
10.1.9-r2
10.1.11-r0
10.1.11-r1
10.1.12-r0
10.1.12-r1
10.1.17-r0
10.1.18-r0
10.1.19-r0
10.1.21-r0
10.1.22-r0

Alpine:v3.4 / mariadb

Package

Name
mariadb
Purl
pkg:apk/alpine/mariadb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.23-r0

Affected versions

5.*

5.5.41-r0
5.5.41-r1
5.5.41-r2
5.5.42-r0
5.5.42-r1
5.5.42-r2
5.5.42-r3
5.5.42-r4
5.5.43-r0
5.5.43-r1
5.5.43-r2
5.5.43-r3
5.5.43-r4
5.5.43-r5

10.*

10.0.21-r0
10.0.21-r1
10.0.21-r2
10.1.8-r0
10.1.8-r1
10.1.9-r0
10.1.9-r1
10.1.9-r2
10.1.9-r3
10.1.11-r0
10.1.11-r1
10.1.12-r0
10.1.12-r1
10.1.13-r0
10.1.13-r1
10.1.14-r0
10.1.14-r1
10.1.14-r2
10.1.14-r3
10.1.17-r0
10.1.18-r0
10.1.19-r0
10.1.21-r0
10.1.22-r0

Alpine:v3.5 / mariadb

Package

Name
mariadb
Purl
pkg:apk/alpine/mariadb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.23-r0

Affected versions

5.*

5.5.41-r0
5.5.41-r1
5.5.41-r2
5.5.42-r0
5.5.42-r1
5.5.42-r2
5.5.42-r3
5.5.42-r4
5.5.43-r0
5.5.43-r1
5.5.43-r2
5.5.43-r3
5.5.43-r4
5.5.43-r5

10.*

10.0.21-r0
10.0.21-r1
10.0.21-r2
10.1.8-r0
10.1.8-r1
10.1.9-r0
10.1.9-r1
10.1.9-r2
10.1.9-r3
10.1.11-r0
10.1.11-r1
10.1.12-r0
10.1.12-r1
10.1.13-r0
10.1.13-r1
10.1.14-r0
10.1.14-r1
10.1.14-r2
10.1.14-r3
10.1.16-r0
10.1.17-r0
10.1.17-r1
10.1.18-r0
10.1.18-r1
10.1.19-r0
10.1.20-r0
10.1.21-r0
10.1.22-r0

Alpine:v3.6 / mariadb

Package

Name
mariadb
Purl
pkg:apk/alpine/mariadb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.23-r0

Affected versions

5.*

5.5.41-r0
5.5.41-r1
5.5.41-r2
5.5.42-r0
5.5.42-r1
5.5.42-r2
5.5.42-r3
5.5.42-r4
5.5.43-r0
5.5.43-r1
5.5.43-r2
5.5.43-r3
5.5.43-r4
5.5.43-r5

10.*

10.0.21-r0
10.0.21-r1
10.0.21-r2
10.1.8-r0
10.1.8-r1
10.1.9-r0
10.1.9-r1
10.1.9-r2
10.1.9-r3
10.1.11-r0
10.1.11-r1
10.1.12-r0
10.1.12-r1
10.1.13-r0
10.1.13-r1
10.1.14-r0
10.1.14-r1
10.1.14-r2
10.1.14-r3
10.1.16-r0
10.1.17-r0
10.1.17-r1
10.1.18-r0
10.1.18-r1
10.1.19-r0
10.1.20-r0
10.1.21-r0
10.1.22-r0
10.1.22-r1

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Type
GIT
Repo
https://github.com/mysql/mysql-server
Events

Affected versions

mysql-5.*

mysql-5.0.87sp1
mysql-5.0.90
mysql-5.0.91
mysql-5.0.92
mysql-5.0.93
mysql-5.0.94
mysql-5.0.95
mysql-5.0.96
mysql-5.1.40sp1
mysql-5.1.41
mysql-5.1.42
mysql-5.1.43
mysql-5.1.43sp1
mysql-5.1.44
mysql-5.1.45
mysql-5.1.46
mysql-5.1.46sp1
mysql-5.1.47
mysql-5.1.48
mysql-5.1.49
mysql-5.1.49sp1
mysql-5.1.50
mysql-5.1.51
mysql-5.1.52
mysql-5.1.52sp1
mysql-5.1.53
mysql-5.1.54
mysql-5.1.55
mysql-5.1.56
mysql-5.1.57
mysql-5.1.58
mysql-5.1.59
mysql-5.1.60
mysql-5.1.61
mysql-5.1.62
mysql-5.1.63
mysql-5.1.65
mysql-5.1.66
mysql-5.1.67
mysql-5.1.68
mysql-5.1.69
mysql-5.1.69-retag
mysql-5.1.70
mysql-5.1.71
mysql-5.1.72
mysql-5.1.73
mysql-5.1.74
mysql-5.1.75
mysql-5.1.76
mysql-5.1.77
mysql-5.5.0
mysql-5.5.1-m2
mysql-5.5.10
mysql-5.5.11
mysql-5.5.12
mysql-5.5.13
mysql-5.5.14
mysql-5.5.15
mysql-5.5.16
mysql-5.5.17
mysql-5.5.18
mysql-5.5.19
mysql-5.5.2-m2
mysql-5.5.20
mysql-5.5.21
mysql-5.5.22
mysql-5.5.23
mysql-5.5.24
mysql-5.5.25
mysql-5.5.25a
mysql-5.5.27
mysql-5.5.28
mysql-5.5.29
mysql-5.5.3-m3
mysql-5.5.30
mysql-5.5.31
mysql-5.5.32
mysql-5.5.33
mysql-5.5.34
mysql-5.5.35
mysql-5.5.36
mysql-5.5.37
mysql-5.5.38
mysql-5.5.39
mysql-5.5.40
mysql-5.5.41
mysql-5.5.42
mysql-5.5.43
mysql-5.5.44
mysql-5.5.45
mysql-5.5.46
mysql-5.5.47
mysql-5.5.48
mysql-5.5.49
mysql-5.5.5-m3
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.6-rc
mysql-5.5.7
mysql-5.5.8
mysql-5.5.9

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2017-3309-017750b4",
            "digest": {
                "length": 595.0,
                "function_hash": "42526495682318897469202677931179336455"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "init_dumping"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-0778ee24",
            "digest": {
                "length": 10937.0,
                "function_hash": "227475061533329738085031105100031106996"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "get_table_structure"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-0b2a382b",
            "digest": {
                "length": 3056.0,
                "function_hash": "283872701544742768257779130745336628180"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_events_for_db"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-0deb9fd5",
            "digest": {
                "length": 1749.0,
                "function_hash": "61031449315181416583737506107960987338"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "write_header"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-230fc291",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "287840253208859831013181147116206525376",
                    "324136547317919813359352064277236333715",
                    "282430677639818099929617913825166653421",
                    "147139391803266763314761740611417390198",
                    "258802801894329452504020721432820698677",
                    "91138205289354102969073748767653790743",
                    "233493404795263154842363746119238816673",
                    "309355098527796234463986548578076187884",
                    "246521560388497353004885266086561128681",
                    "65595240965851819816944346960684994155",
                    "321094355807444156552637940556050534243",
                    "173566830439109051968149803806679781001",
                    "199290765851492278749490509745647329182",
                    "45989153402127012733139951888311868178",
                    "114416289830545276075284455762878229460",
                    "277119867620039162696505662519865168492",
                    "1406835726190704947481628521158899781",
                    "174614877685627249914600596442902313165",
                    "99127866680226208064705749248054614695",
                    "39471861491129910410498619482011041391",
                    "281380462612982588805056671783939902254",
                    "276555443743869160836284840037473276887",
                    "63704244798856370080746536556622922021",
                    "196970177491568200692872190131374048986",
                    "211909851172610884740259624997676708138",
                    "24854640261605884487014526616906487662",
                    "206025079568806760122742316187267806127",
                    "311871759366108697833006663439889249742",
                    "221096165144546299147742464005478717924",
                    "105220650397672059064628403102505049061",
                    "18628631760629166584977079678764798872",
                    "119656696777604396040253590625706193749",
                    "221096165144546299147742464005478717924",
                    "168602443676074510547085005830811337443",
                    "114424463055898619066660915433101962969",
                    "153916697495976485808117997579764618991",
                    "180695665933106799821938816193290640991",
                    "317750465811503273914953924986043255767",
                    "299148576020784136739117619416196108572",
                    "118157318188170081201040706357790495674",
                    "41102378010887911272271175550789649896",
                    "149518576500014602976768066358926314484",
                    "54189500566898801091712575313356035066",
                    "44002167410011708810019578410179393524",
                    "203679880670483351499138583783885028443",
                    "270476162896496040883649640857060526904",
                    "204451005490097465986732821480961200936",
                    "223608088947237646770529443703107663724",
                    "250724728853505500189006708705469851241",
                    "97779087057840683929947270035268598704",
                    "332940999390577626529849682776968183891",
                    "171433106859136870351199048718637400189",
                    "260127954252147593913051498861828999833",
                    "292556811704801901721130727931310806132",
                    "315481399744044133717527275946904624115",
                    "144450971157728465792195077319518344721",
                    "138134974382930509413378452785541640177",
                    "93139083326288700668774484888006665665"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-3566e59d",
            "digest": {
                "length": 9653.0,
                "function_hash": "273064814930547228481748278923107127025"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_table"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-3d5cc0a7",
            "digest": {
                "length": 1749.0,
                "function_hash": "61031449315181416583737506107960987338"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "write_header"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-3dd1fd8a",
            "digest": {
                "length": 595.0,
                "function_hash": "42526495682318897469202677931179336455"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "init_dumping"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-573a3d7b",
            "digest": {
                "length": 3068.0,
                "function_hash": "229205966501763571287196631931031338507"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_routines_for_db"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-77a2b85b",
            "digest": {
                "length": 3068.0,
                "function_hash": "229205966501763571287196631931031338507"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_routines_for_db"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-7c5b056e",
            "digest": {
                "length": 3056.0,
                "function_hash": "283872701544742768257779130745336628180"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_events_for_db"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-89d625e9",
            "digest": {
                "length": 4417.0,
                "function_hash": "52340132320564584267245206336274565455"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "get_view_structure"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-923416e2",
            "digest": {
                "length": 9653.0,
                "function_hash": "273064814930547228481748278923107127025"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "dump_table"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-ba0ccb33",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "287840253208859831013181147116206525376",
                    "324136547317919813359352064277236333715",
                    "282430677639818099929617913825166653421",
                    "147139391803266763314761740611417390198",
                    "258802801894329452504020721432820698677",
                    "91138205289354102969073748767653790743",
                    "233493404795263154842363746119238816673",
                    "309355098527796234463986548578076187884",
                    "246521560388497353004885266086561128681",
                    "65595240965851819816944346960684994155",
                    "321094355807444156552637940556050534243",
                    "173566830439109051968149803806679781001",
                    "199290765851492278749490509745647329182",
                    "45989153402127012733139951888311868178",
                    "114416289830545276075284455762878229460",
                    "277119867620039162696505662519865168492",
                    "1406835726190704947481628521158899781",
                    "174614877685627249914600596442902313165",
                    "99127866680226208064705749248054614695",
                    "39471861491129910410498619482011041391",
                    "281380462612982588805056671783939902254",
                    "276555443743869160836284840037473276887",
                    "63704244798856370080746536556622922021",
                    "196970177491568200692872190131374048986",
                    "211909851172610884740259624997676708138",
                    "24854640261605884487014526616906487662",
                    "206025079568806760122742316187267806127",
                    "311871759366108697833006663439889249742",
                    "221096165144546299147742464005478717924",
                    "105220650397672059064628403102505049061",
                    "18628631760629166584977079678764798872",
                    "119656696777604396040253590625706193749",
                    "221096165144546299147742464005478717924",
                    "168602443676074510547085005830811337443",
                    "114424463055898619066660915433101962969",
                    "153916697495976485808117997579764618991",
                    "180695665933106799821938816193290640991",
                    "317750465811503273914953924986043255767",
                    "299148576020784136739117619416196108572",
                    "118157318188170081201040706357790495674",
                    "41102378010887911272271175550789649896",
                    "149518576500014602976768066358926314484",
                    "54189500566898801091712575313356035066",
                    "44002167410011708810019578410179393524",
                    "203679880670483351499138583783885028443",
                    "270476162896496040883649640857060526904",
                    "204451005490097465986732821480961200936",
                    "223608088947237646770529443703107663724",
                    "250724728853505500189006708705469851241",
                    "97779087057840683929947270035268598704",
                    "332940999390577626529849682776968183891",
                    "171433106859136870351199048718637400189",
                    "260127954252147593913051498861828999833",
                    "292556811704801901721130727931310806132",
                    "315481399744044133717527275946904624115",
                    "144450971157728465792195077319518344721",
                    "138134974382930509413378452785541640177",
                    "93139083326288700668774484888006665665"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-be381038",
            "digest": {
                "length": 4417.0,
                "function_hash": "52340132320564584267245206336274565455"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "get_view_structure"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        },
        {
            "id": "CVE-2017-3309-d56a3b4a",
            "digest": {
                "length": 10937.0,
                "function_hash": "227475061533329738085031105100031106996"
            },
            "signature_version": "v1",
            "target": {
                "file": "client/mysqldump.c",
                "function": "get_table_structure"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9"
        }
    ]
}