CVE-2017-3302

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions prior to 5.6.21 Oracle MySQL versions 5.7.x prior to 5.7.5 MariaDB version 5.5.54 and earlier MariaDB versions 10.0.x through 10.0.29 MariaDB versions 10.1.x through 10.1.21 MariaDB versions 10.2.x through 10.2.3

Description The issue is related to a crash in the libmysqlclient.so component. It affects Oracle MySQL and MariaDB, allowing a high-privileged attacker with network access to compromise the MySQL Server via multiple protocols. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of the MySQL Server.

Recommendations For Oracle MySQL versions prior to 5.6.21, update to version 5.6.21 or later. For Oracle MySQL versions 5.7.x prior to 5.7.5, update to version 5.7.5 or later. For MariaDB version 5.5.54 and earlier, update to a version later than 5.5.54. For MariaDB versions 10.0.x through 10.0.29, update to a version later than 10.0.29. For MariaDB versions 10.1.x through 10.1.21, update to a version later than 10.1.21. For MariaDB versions 10.2.x through 10.2.3, update to a version later than 10.2.3.