CVE-2017-3302: Use After Free in Oracle MySQL

CWE-416: Use After Free | 9 documents | 7 sources
Severity: 7.5 HIGH (NVD)
EPSS: 2.5% (top 14.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 12 | Latest update May 13

Description

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

NVD | oracle/mysql | 5.6.0 | 5.6.21 | +1
CVEListV5 | oracle_corporation/mysql_server | 5.5.54 and earlier, 5.6.20 and earlier | +1
Alpine | mariadb/mariadb | < 10.1.22-r0 | +20
NVD | mariadb/mariadb | 10.0.0 | 10.0.29 | +3

Also affects: Debian Linux 8.0, Enterprise Linux 7.4, 7.6, 7.5

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-77pr-jpcv-9w4v: Crash in libmysqlclient | 2022-05-13
OSV | CVE-2017-3302: Crash in libmysqlclient | 2017-02-12
CVEList | CVE-2017-3302: Crash in libmysqlclient | 2017-02-12

📋 Vendor Advisories (3)

Ubuntu | MySQL vulnerabilities | 2017-07-24
Ubuntu | MySQL vulnerabilities | 2017-04-27
Red Hat | mysql: prepared statement handle use-after-free after disconnect | 2017-01-27

💬 Community (2)

Bugzilla | CVE-2017-3302 community-mysql: mysql: use-after-free in libmysqlclient.so [fedora-all] | 2017-02-14
Bugzilla | CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect | 2017-02-14