#VU6895 Use-after-free error in MySQL Server - CVE-2017-3302


| Updated: 2018-12-06

Vulnerability identifier: #VU6895

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3302

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Server
Server applications / Database software

Vendor: Oracle

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error in the libmysqlclient.so. A remote attacker can cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 5.6.21, 5.5.55.

Vulnerable software versions

MySQL Server: 5.5.0 - 5.5.54, 5.6.0 - 5.6.20

: before

External links
https://www.openwall.com/lists/oss-security/2017/02/11/11
https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for MySQL
openSUSE update for mariadb
SUSE Linux update for mariadb
SUSE Linux update for mariadb
Ubuntu update for MySQL
Debian update for mysql-5.5
Slackware Linux update for mariadb
Use-after-free error in mariadb (Alpine package)