{"id":"CVE-2017-3309","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","modified":"2026-02-24T01:18:17.648007Z","published":"2017-04-24T19:59:00.957Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2017:1137-1","SUSE-SU-2017:2034-1","SUSE-SU-2017:2035-1","SUSE-SU-2018:1853-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038287"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3834"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3944"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97742"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038287"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2192"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2787"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2886"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0279"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0574"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"5bfe1a3917ee1bddc7f2cde0c88961875148873c"},{"fixed":"6fa5e0814662d691be1a29bf88332348ec7c50c9"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"3806a323ce414fb3b425d762b9fbe08403432f2a"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"ca7cf69cb13285585922722063af888b957580ee"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"acce1f37c2518278a31606c7f1b460ad0ac7347c"}]}],"versions":["mariadb-10.2.0","mysql-5.5.49","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":595,"function_hash":"42526495682318897469202677931179336455"},"target":{"function":"init_dumping","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-017750b4","signature_version":"v1"},{"deprecated":false,"digest":{"length":10937,"function_hash":"227475061533329738085031105100031106996"},"target":{"function":"get_table_structure","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-0778ee24","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["204405456699725817686923450719053573643","159603287613222550353029239704715289605","227411037663010572806131362012136532147","174380789520269581628843953311720635844","279732681711711148257799929294137598264","105981295089450182223219343964947591985","180566767572234067908382521800899021942","100789308409354219857044795984080552873","12657995055198481240494383704100920759"]},"target":{"file":"storage/xtradb/fil/fil0crypt.cc"},"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_type":"Line","id":"CVE-2017-3309-18d3e172","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["287840253208859831013181147116206525376","324136547317919813359352064277236333715","282430677639818099929617913825166653421","147139391803266763314761740611417390198","258802801894329452504020721432820698677","91138205289354102969073748767653790743","233493404795263154842363746119238816673","309355098527796234463986548578076187884","246521560388497353004885266086561128681","65595240965851819816944346960684994155","321094355807444156552637940556050534243","173566830439109051968149803806679781001","199290765851492278749490509745647329182","45989153402127012733139951888311868178","114416289830545276075284455762878229460","277119867620039162696505662519865168492","1406835726190704947481628521158899781","174614877685627249914600596442902313165","99127866680226208064705749248054614695","39471861491129910410498619482011041391","281380462612982588805056671783939902254","276555443743869160836284840037473276887","63704244798856370080746536556622922021","196970177491568200692872190131374048986","211909851172610884740259624997676708138","24854640261605884487014526616906487662","206025079568806760122742316187267806127","311871759366108697833006663439889249742","221096165144546299147742464005478717924","105220650397672059064628403102505049061","18628631760629166584977079678764798872","119656696777604396040253590625706193749","221096165144546299147742464005478717924","168602443676074510547085005830811337443","114424463055898619066660915433101962969","153916697495976485808117997579764618991","180695665933106799821938816193290640991","317750465811503273914953924986043255767","299148576020784136739117619416196108572","118157318188170081201040706357790495674","41102378010887911272271175550789649896","149518576500014602976768066358926314484","54189500566898801091712575313356035066","44002167410011708810019578410179393524","203679880670483351499138583783885028443","270476162896496040883649640857060526904","204451005490097465986732821480961200936","223608088947237646770529443703107663724","250724728853505500189006708705469851241","97779087057840683929947270035268598704","332940999390577626529849682776968183891","171433106859136870351199048718637400189","260127954252147593913051498861828999833","292556811704801901721130727931310806132","315481399744044133717527275946904624115","144450971157728465792195077319518344721","138134974382930509413378452785541640177","93139083326288700668774484888006665665"]},"target":{"file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Line","id":"CVE-2017-3309-230fc291","signature_version":"v1"},{"deprecated":false,"digest":{"length":1749,"function_hash":"61031449315181416583737506107960987338"},"target":{"function":"write_header","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-3d5cc0a7","signature_version":"v1"},{"deprecated":false,"digest":{"length":1360,"function_hash":"66545367234171178388402008407609466154"},"target":{"function":"fil_crypt_complete_rotate_space","file":"storage/xtradb/fil/fil0crypt.cc"},"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_type":"Function","id":"CVE-2017-3309-603393f7","signature_version":"v1"},{"deprecated":false,"digest":{"length":3068,"function_hash":"229205966501763571287196631931031338507"},"target":{"function":"dump_routines_for_db","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-77a2b85b","signature_version":"v1"},{"deprecated":false,"digest":{"length":3056,"function_hash":"283872701544742768257779130745336628180"},"target":{"function":"dump_events_for_db","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-7c5b056e","signature_version":"v1"},{"deprecated":false,"digest":{"length":9653,"function_hash":"273064814930547228481748278923107127025"},"target":{"function":"dump_table","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-923416e2","signature_version":"v1"},{"deprecated":false,"digest":{"length":4417,"function_hash":"52340132320564584267245206336274565455"},"target":{"function":"get_view_structure","file":"client/mysqldump.c"},"source":"https://github.com/mariadb/server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-be381038","signature_version":"v1"},{"deprecated":false,"digest":{"length":1360,"function_hash":"66545367234171178388402008407609466154"},"target":{"function":"fil_crypt_complete_rotate_space","file":"storage/innobase/fil/fil0crypt.cc"},"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_type":"Function","id":"CVE-2017-3309-cc23b5d3","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["204405456699725817686923450719053573643","159603287613222550353029239704715289605","227411037663010572806131362012136532147","174380789520269581628843953311720635844"]},"target":{"file":"storage/innobase/fil/fil0crypt.cc"},"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_type":"Line","id":"CVE-2017-3309-f68a06a2","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3309.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"54df0057e18d8c82c23fbd4e0bf5b5dc2e762955"},{"fixed":"6fa5e0814662d691be1a29bf88332348ec7c50c9"}]}],"versions":["mysql-5.0.87sp1","mysql-5.0.90","mysql-5.0.91","mysql-5.0.92","mysql-5.0.93","mysql-5.0.94","mysql-5.0.95","mysql-5.0.96","mysql-5.1.40sp1","mysql-5.1.41","mysql-5.1.42","mysql-5.1.43","mysql-5.1.43sp1","mysql-5.1.44","mysql-5.1.45","mysql-5.1.46","mysql-5.1.46sp1","mysql-5.1.47","mysql-5.1.48","mysql-5.1.49","mysql-5.1.49sp1","mysql-5.1.50","mysql-5.1.51","mysql-5.1.52","mysql-5.1.52sp1","mysql-5.1.53","mysql-5.1.54","mysql-5.1.55","mysql-5.1.56","mysql-5.1.57","mysql-5.1.58","mysql-5.1.59","mysql-5.1.60","mysql-5.1.61","mysql-5.1.62","mysql-5.1.63","mysql-5.1.65","mysql-5.1.66","mysql-5.1.67","mysql-5.1.68","mysql-5.1.69","mysql-5.1.69-retag","mysql-5.1.70","mysql-5.1.71","mysql-5.1.72","mysql-5.1.73","mysql-5.1.74","mysql-5.1.75","mysql-5.1.76","mysql-5.1.77","mysql-5.5.0","mysql-5.5.1-m2","mysql-5.5.10","mysql-5.5.11","mysql-5.5.12","mysql-5.5.13","mysql-5.5.14","mysql-5.5.15","mysql-5.5.16","mysql-5.5.17","mysql-5.5.18","mysql-5.5.19","mysql-5.5.2-m2","mysql-5.5.20","mysql-5.5.21","mysql-5.5.22","mysql-5.5.23","mysql-5.5.24","mysql-5.5.25","mysql-5.5.25a","mysql-5.5.27","mysql-5.5.28","mysql-5.5.29","mysql-5.5.3-m3","mysql-5.5.30","mysql-5.5.31","mysql-5.5.32","mysql-5.5.33","mysql-5.5.34","mysql-5.5.35","mysql-5.5.36","mysql-5.5.37","mysql-5.5.38","mysql-5.5.39","mysql-5.5.40","mysql-5.5.41","mysql-5.5.42","mysql-5.5.43","mysql-5.5.44","mysql-5.5.45","mysql-5.5.46","mysql-5.5.47","mysql-5.5.48","mysql-5.5.49","mysql-5.5.5-m3","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54","mysql-5.5.6-rc","mysql-5.5.7","mysql-5.5.8","mysql-5.5.9"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":3056,"function_hash":"283872701544742768257779130745336628180"},"target":{"function":"dump_events_for_db","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-0b2a382b","signature_version":"v1"},{"deprecated":false,"digest":{"length":1749,"function_hash":"61031449315181416583737506107960987338"},"target":{"function":"write_header","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-0deb9fd5","signature_version":"v1"},{"deprecated":false,"digest":{"length":9653,"function_hash":"273064814930547228481748278923107127025"},"target":{"function":"dump_table","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-3566e59d","signature_version":"v1"},{"deprecated":false,"digest":{"length":595,"function_hash":"42526495682318897469202677931179336455"},"target":{"function":"init_dumping","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-3dd1fd8a","signature_version":"v1"},{"deprecated":false,"digest":{"length":3068,"function_hash":"229205966501763571287196631931031338507"},"target":{"function":"dump_routines_for_db","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-573a3d7b","signature_version":"v1"},{"deprecated":false,"digest":{"length":4417,"function_hash":"52340132320564584267245206336274565455"},"target":{"function":"get_view_structure","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-89d625e9","signature_version":"v1"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["287840253208859831013181147116206525376","324136547317919813359352064277236333715","282430677639818099929617913825166653421","147139391803266763314761740611417390198","258802801894329452504020721432820698677","91138205289354102969073748767653790743","233493404795263154842363746119238816673","309355098527796234463986548578076187884","246521560388497353004885266086561128681","65595240965851819816944346960684994155","321094355807444156552637940556050534243","173566830439109051968149803806679781001","199290765851492278749490509745647329182","45989153402127012733139951888311868178","114416289830545276075284455762878229460","277119867620039162696505662519865168492","1406835726190704947481628521158899781","174614877685627249914600596442902313165","99127866680226208064705749248054614695","39471861491129910410498619482011041391","281380462612982588805056671783939902254","276555443743869160836284840037473276887","63704244798856370080746536556622922021","196970177491568200692872190131374048986","211909851172610884740259624997676708138","24854640261605884487014526616906487662","206025079568806760122742316187267806127","311871759366108697833006663439889249742","221096165144546299147742464005478717924","105220650397672059064628403102505049061","18628631760629166584977079678764798872","119656696777604396040253590625706193749","221096165144546299147742464005478717924","168602443676074510547085005830811337443","114424463055898619066660915433101962969","153916697495976485808117997579764618991","180695665933106799821938816193290640991","317750465811503273914953924986043255767","299148576020784136739117619416196108572","118157318188170081201040706357790495674","41102378010887911272271175550789649896","149518576500014602976768066358926314484","54189500566898801091712575313356035066","44002167410011708810019578410179393524","203679880670483351499138583783885028443","270476162896496040883649640857060526904","204451005490097465986732821480961200936","223608088947237646770529443703107663724","250724728853505500189006708705469851241","97779087057840683929947270035268598704","332940999390577626529849682776968183891","171433106859136870351199048718637400189","260127954252147593913051498861828999833","292556811704801901721130727931310806132","315481399744044133717527275946904624115","144450971157728465792195077319518344721","138134974382930509413378452785541640177","93139083326288700668774484888006665665"]},"target":{"file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Line","id":"CVE-2017-3309-ba0ccb33","signature_version":"v1"},{"deprecated":false,"digest":{"length":10937,"function_hash":"227475061533329738085031105100031106996"},"target":{"function":"get_table_structure","file":"client/mysqldump.c"},"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_type":"Function","id":"CVE-2017-3309-d56a3b4a","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3309.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}