CVE-2017-3464
published 2017-04-24CVE-2017-3464: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35…
PriorityP423medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
2.15%
79.7th percentile
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| mariadb | mariadb | >= 0 < 10.1.23-r0 | 10.1.23-r0 |
| mariadb | mariadb | >= 0 < 10.1.23-r0 | 10.1.23-r0 |
| mariadb | mariadb | >= 0 < 10.1.23-r0 | 10.1.23-r0 |
| mariadb | mariadb | >= 0 < 10.1.23-r0 | 10.1.23-r0 |
| mariadb | mariadb | >= 10.0.0 < 10.0.31 | 10.0.31 |
| mariadb | mariadb | >= 10.1.0 < 10.1.23 | 10.1.23 |
| mariadb | mariadb | >= 10.2.0 < 10.2.6 | 10.2.6 |
| mariadb | mariadb | >= 5.5.0 < 5.5.55 | 5.5.55 |
| oracle | mysql | 5.5.0 – 5.5.54 | — |
| oracle | mysql | 5.6.0 – 5.6.35 | — |
| oracle | mysql | 5.7.0 – 5.7.17 | — |
| oracle_corporation | mysql_server | — | — |
| oracle_corporation | mysql_server | — | — |
| oracle_corporation | mysql_server | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
osv4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2017-07-24
CVE-2017-3302 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
USN-3357-1 fixed several vulnerabilities in MySQL. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Instructions: In general, a standard system update will make all the necessary
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2017-04-27
CVE-2017-3302 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,
Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Instructions: In general, a standard system update will make all the necessary
Red Hat
mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
vendor_redhat·2017-04-19·CVSS 4.3
CVE-2017-3464 [MEDIUM] mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Package: mysql55-mysql (Red Hat Enterprise Linux 5) - Will not fix
Package: mysql (Red Hat Enterprise Linux 6) - Will not fix
Package: mariadb-galera (Red Hat
GHSA
GHSA-4xm4-j6r9-v8m3: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
ghsa_unreviewed·2022-05-13
CVE-2017-3464 [MEDIUM] GHSA-4xm4-j6r9-v8m3: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
OSV
CVE-2017-3464: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
osv·2017-04-24·CVSS 4.3
CVE-2017-3464 [MEDIUM] CVE-2017-3464: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
bugzilla·2017-04-19·CVSS 4.3
CVE-2017-3464 [MEDIUM] CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.
External References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
Discussion:
Created mariadb tracking bugs for this issue:
Affects: fedora-all [bug 1443408]
---
Created community-mysql tracking bugs for t
Bugzilla
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 mariadb: various flaws [fedora-all]
bugzilla·2017-04-19·CVSS 7.7
CVE-2017-3308 [HIGH] CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 mariadb: various flaws [fedora-all]
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 mariadb: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2017-3308 CVE-2017-3309 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 community-mysql: various flaws [fedora-all]
bugzilla·2017-04-19·CVSS 7.7
CVE-2017-3308 [HIGH] CVE-2017-3308 CVE-2017-3309 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 community-mysql: various flaws [fedora-all]
CVE-2017-3308 CVE-2017-3309 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 community-mysql: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in
http://www.debian.org/security/2017/dsa-3834http://www.debian.org/security/2017/dsa-3944http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.securityfocus.com/bid/97818http://www.securitytracker.com/id/1038287https://access.redhat.com/errata/RHSA-2017:2192https://access.redhat.com/errata/RHSA-2017:2787https://access.redhat.com/errata/RHSA-2017:2886https://access.redhat.com/errata/RHSA-2018:0279https://access.redhat.com/errata/RHSA-2018:0574http://www.debian.org/security/2017/dsa-3834http://www.debian.org/security/2017/dsa-3944http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.securityfocus.com/bid/97818http://www.securitytracker.com/id/1038287https://access.redhat.com/errata/RHSA-2017:2192https://access.redhat.com/errata/RHSA-2017:2787https://access.redhat.com/errata/RHSA-2017:2886https://access.redhat.com/errata/RHSA-2018:0279https://access.redhat.com/errata/RHSA-2018:0574
2017-04-24
Published