CVE-2017-3635

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 6.1.10 and earlier MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier

Description A difficult to exploit vulnerability in the MySQL Connectors component of Oracle MySQL allows a low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Connectors. An easily exploitable vulnerability in the MySQL Server component allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server.

Recommendations For MySQL Connectors versions 6.1.10 and earlier, update to a version later than 6.1.10 to resolve the issue. For MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier, update to a version later than 5.5.56, 5.6.36, and 5.7.18 respectively to resolve the issue. As a temporary workaround, consider restricting access to the mysql stmt close() function until a patch is available.