Input validation error in mariadb (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3317 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
mariadb (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU33767
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3317
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
MitigationInstall update from vendor's website.
Vulnerable software versionsmariadb (Alpine package): 5.5.47-r0 - 5.5.53-r0
CPE2.3- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.47-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.51-r0:*:*:*:*:alpine_linux:*:3.1
- cpe:2.3:o:alpine:mariadb_alpine_package:5.5.53-r0:*:*:*:*:alpine_linux:*:3.2
https://git.alpinelinux.org/aports/commit/?id=8710ccc362203907f1832978ceee5b5f27c98b53
https://git.alpinelinux.org/aports/commit/?id=a907a102e9dea884f13defde2d37b21d2fc01a0c
https://git.alpinelinux.org/aports/commit/?id=1a623f02f8070ad7c0a163d308230aed76256a7a
https://git.alpinelinux.org/aports/commit/?id=f75a55d7e8bfb8de318319e51b46c9040507bb33
https://git.alpinelinux.org/aports/commit/?id=7ea78917255c8fac1237c165434f38820f0f34db
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
