PT-2017-1139 · Mysql Server+2 · Mysql Server+2

Published

2017-01-17

Updated

2018-05-03

CVE-2017-3256

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.7.16 and earlier

Description The issue is related to insufficient input validation in the Server: Replication component of MySQL. It allows an attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server.

Recommendations For versions 5.7.16 and earlier, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-1647

BDU:2017-00234

CVE-2017-3256

RHSA-2017:2886

USN-3174-1

Affected Products

Alt Linux

Mysql Server

Ubuntu

PT-2017-1139 · Mysql Server+2 · Mysql Server+2

CVE-2017-3256

Weakness Enumeration

Related Identifiers

Affected Products

References · 288