Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3599Integer Overflow or Wraparound in Oracle Mysql

CWE-190Integer Overflow or Wraparound8 documents7 sources
Severity
7.5HIGHNVD
EPSS
87.3%
top 0.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Mysql
Timeline
PublishedApr 24
Latest updateMay 13

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDoracle/mysql5.6.05.6.35+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-292g-7jqj-vpqr: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth)2022-05-13
OSV
CVE-2017-3599: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth)2017-04-24

💥Exploits & PoCs

1
Exploit-DB
MySQL < 5.6.35 / < 5.7.17 - Integer Overflow2017-05-01

📋Vendor Advisories

2
Ubuntu
MySQL vulnerabilities2017-04-27
Red Hat
mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)2017-04-19

💬Community

2
Bugzilla
CVE-2017-3599 mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)2017-04-19
Bugzilla
CVE-2017-3308 CVE-2017-3309 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 community-mysql: various flaws [fedora-all]2017-04-19