{"id":"CVE-2017-15365","details":"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.","modified":"2026-04-16T06:21:40.680438678Z","published":"2018-01-25T16:29:00.290Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2018:1853-1","SUSE-SU-2019:1441-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4341"},{"type":"ADVISORY","url":"https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"},{"type":"ADVISORY","url":"https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1258"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524234"},{"type":"FIX","url":"https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"fixed":"461cf3e5a3c2d346d75b1407b285f8daf9d01f67"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"58e0dcb93dc2b2bf49f76c754bd216dbdf875a0d"},{"fixed":"0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.1.30"},{"introduced":"10.2.0"},{"fixed":"10.2.10"}]}},{"type":"GIT","repo":"https://github.com/percona/percona-xtradb-cluster","events":[{"introduced":"0"},{"fixed":"114f2f2115f843eb415c5716adff9dfa4d62d5f5"},{"introduced":"0"},{"fixed":"35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.6.37-26.21-3"},{"introduced":"5.7.0"},{"fixed":"5.7.19-29.22-3"}]}}],"versions":["Percona-Server-5.6.5-60.0","Percona-XtraDB-Cluster-5.6.14-25.1","Percona-XtraDB-Cluster-5.6.15-25.2","Percona-XtraDB-Cluster-5.6.15-25.3","Percona-XtraDB-Cluster-5.6.15-25.4","Percona-XtraDB-Cluster-5.6.15-25.5","Percona-XtraDB-Cluster-5.6.19-25.6","Percona-XtraDB-Cluster-5.6.20-25.7","Percona-XtraDB-Cluster-5.6.24-25.11","Percona-XtraDB-Cluster-5.6.37-26.21","last-PS-5.5-as-patches","mariadb-10.1.0","mariadb-10.1.10","mariadb-10.1.11","mariadb-10.1.12","mariadb-10.1.13","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.17","mariadb-10.1.18","mariadb-10.1.19","mariadb-10.1.2","mariadb-10.1.20","mariadb-10.1.21","mariadb-10.1.22","mariadb-10.1.23","mariadb-10.1.24","mariadb-10.1.25","mariadb-10.1.26","mariadb-10.1.27","mariadb-10.1.28","mariadb-10.1.29","mariadb-10.1.3","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.2","mariadb-10.2.5","mariadb-10.2.6","mariadb-10.2.7","mariadb-10.2.8","mariadb-10.2.9","pre-null-merge","pxc_5.6.25-25.12-3.12"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:47:49Z","vanir_signatures":[{"target":{"file":"sql/sql_parse.cc","function":"mysql_execute_command"},"digest":{"function_hash":"340115097222418065729405755123585243751","length":67347},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-02146ae8","deprecated":false},{"target":{"file":"storage/innobase/os/os0file.cc","function":"os_file_set_size"},"digest":{"function_hash":"229436509491359859587976164905941824146","length":1930},"source":"https://github.com/mariadb/server/commit/58e0dcb93dc2b2bf49f76c754bd216dbdf875a0d","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-0500cd26","deprecated":false},{"target":{"file":"sql/sql_admin.cc","function":"Sql_cmd_analyze_table::execute"},"digest":{"function_hash":"76350646266135454620243150473648364262","length":892},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-0ce6d162","deprecated":false},{"target":{"file":"sql/events.cc","function":"Events::update_event"},"digest":{"function_hash":"190137404794466722436660618628372515504","length":2368},"signature_version":"v1","id":"CVE-2017-15365-0f612119","signature_type":"Function","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/sql_trigger.cc","function":"mysql_create_or_drop_trigger"},"digest":{"function_hash":"253240355021947870789386660288371478273","length":3725},"deprecated":false,"id":"CVE-2017-15365-1cb1f99f","signature_type":"Function","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1"},{"target":{"file":"sql/sql_plugin.cc"},"digest":{"line_hashes":["85050564063628781914119546934002931631","41199732213114656794248004587188264248","155915766376185168118576416096969110231","118061773413098746022792812969888410644","217506211197846749529071466771931437866","89444717207131587280602571702058995916","134557130438088055300503336559830081895","82276453125067670660482356426905896228","335690048416565001917886714267602530402","250782079164513020447201050833455520288","289223717197846416744381055593030533202","23974216956588390946297058804964090349","46997601717090217261715095031555889323","211898030204135093978374929748265515454","168199001836781049666893622191909754230","97496161959144551304583283062829262336","60476595227837376833815517271542834510","160607140880682490032459047614703948222","66515036946292548080523373326279588564","68230410419769947997530983259704426458","323085865814929295000617823251776890777","273234888987293520754087682325923461383","206399271545455692154514804700871643722","324452422973070878002184345461748449100","43925770051999349638415246272699686986","85904493836637980545935338779345839299","27341419661512658322628399819505909428","14746233500210770623519878051971349929","65104733839290786453959720768862139713","187382629639453187929735725335139585965","203901199777249622234312115361706897444","4688759485858374403603962694593135098","86239369382185817227729390927174612427","100144512690974416262061569727736738205","60801522791634779124499004110973100111","125138663862723706256481052526604400316","97059553110792816372363473779093675948","50633348974490503967867074821948562990","259789283724387710824460208406247439263","220285813926773562222558142990156392567","22571313056633137084585270340383770216","202150364959857244811456458508402505340","324452422973070878002184345461748449100","43925770051999349638415246272699686986","85904493836637980545935338779345839299","27341419661512658322628399819505909428","14746233500210770623519878051971349929","65104733839290786453959720768862139713","187382629639453187929735725335139585965","203901199777249622234312115361706897444"],"threshold":0.9},"signature_version":"v1","id":"CVE-2017-15365-1d989611","signature_type":"Line","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/sql_plugin.cc","function":"mysql_install_plugin"},"digest":{"function_hash":"66599710778859425362925102498508849501","length":2393},"id":"CVE-2017-15365-2859d592","deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/sql_view.cc","function":"mysql_create_view"},"digest":{"function_hash":"184626634648332441551006481951234016694","length":6459},"deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_type":"Function","signature_version":"v1","id":"CVE-2017-15365-4719f02e"},{"target":{"file":"sql/sql_view.cc"},"digest":{"line_hashes":["145674612374661813382301856103201572093","69329307454756746615214257714427285667","210655772154222205009672531046893765476","22344461071890244341952220103211507467","215046809845070035416260308395858787494","90700078353299331167556645524085620852","180894983905448727215238232456468304869"],"threshold":0.9},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Line","id":"CVE-2017-15365-4b5462a9","deprecated":false},{"target":{"file":"sql/sql_admin.cc"},"digest":{"line_hashes":["86898837995144321941713211955320085874","207450916557743462767622047161184180377","128865512787217075705911853008221933861","298818306938335161730348179069337661913","326664175565842218425097451222603914900","24663644088095311906399164873596205890","192265216215969733926644504232065643421","89915253385090556823860799109770194463","86898837995144321941713211955320085874","207450916557743462767622047161184180377","128865512787217075705911853008221933861","31419619232815109532278238298534480680","86898837995144321941713211955320085874","207450916557743462767622047161184180377","128865512787217075705911853008221933861","126288737477306161225319137978721848265"],"threshold":0.9},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Line","id":"CVE-2017-15365-51185c18","deprecated":false},{"target":{"file":"sql/sql_plugin.cc","function":"mysql_uninstall_plugin"},"digest":{"function_hash":"194914716881944819995531960155010550183","length":3325},"id":"CVE-2017-15365-53046db0","deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/events.cc"},"digest":{"line_hashes":["162135899962516027291817056817872750452","31697819063885085280176166996233237043","76510771742557435000720238495143614404","85907656725135824730075445625675422502","21594070328396228304303870692731360958","128013747770982457899977949541768163516","265203614328869154895934971404087688856","241969477720886896407315432077386740653","282717696335591537785062726905861693960","92339604735869753915531577387046461396","334442837641878203942298884587871541336","21594070328396228304303870692731360958","128013747770982457899977949541768163516","265203614328869154895934971404087688856","171613769341520228448821519758141763485","302902819262993010978182507522839779895","170101854076902305158229409193336767513","326763061225810181909269787892588362958","157447285295352115273033261239964786237","229163937239248502514784603611924068765","29823221558127272423787328213508533523","123636261144641867724056821192055986411","85671122779957377399898686766565475337","232527283389873445644228364170395138644"],"threshold":0.9},"deprecated":false,"id":"CVE-2017-15365-5ca016fb","signature_type":"Line","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1"},{"target":{"file":"sql/wsrep_mysqld.cc","function":"wsrep_can_run_in_toi"},"digest":{"function_hash":"52538982613482840611728240312435396835","length":1202},"signature_version":"v1","id":"CVE-2017-15365-60f4671c","signature_type":"Function","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"storage/innobase/os/os0file.cc"},"digest":{"line_hashes":["199074947337376739812679047825821336002","46725345608552447089949872245821081371","119120488045980108076426049636030945131","58230573690248886038051992579509304232","326895143270909796380178638763687471280","263146896042637856319085632199764889177","122131190033688622756744393943115563446","133068113502970118870593079691731269775","111890012607856213573104663272595866488","61566547659338840586290761302690848319","313474223702629979055129385503607972230"],"threshold":0.9},"signature_version":"v1","id":"CVE-2017-15365-6ad32b91","signature_type":"Line","deprecated":false,"source":"https://github.com/mariadb/server/commit/58e0dcb93dc2b2bf49f76c754bd216dbdf875a0d"},{"target":{"file":"sql/sql_parse.cc"},"digest":{"line_hashes":["154426316728869344243475467901452416799","92391849382474900360608396720291242027","169339906631873436780732900784322317410","278757136383222042278981544373300807355","273362321712454608216579166443584151914","45878177247155174411996739053196624282","25880621124286341514328773549652937400","164052403789445629580793084266643735738","3018694919479777135250720766056212720","215045722671390355315751330227560386788","217213236541788987866879358048093152240","142971985295485334086542045739670995856","328157631362394008933086507155741906628","339669222840457089214937386815030460114","145168624635104457199302421359611310828","263617289977176666136004720470080338109","213500763534874751538726032937679140349","338933481782252406325401225436762347416","53604587620217955018827487749853129620","184470339817293329638339608868652502380","311938439716048184793509217247049839812","172963563099361015850221240014158515193","301589580737478737231588855625195565693","74250686234874356218596282953822354168","213500763534874751538726032937679140349","22370804348356306371000842204359860096","330802766090508953302190388751874763375","291856047275595997855402552821941705362","80722102013442216702873456002092342538","226375966034622781647691019259598222145","305884500806290911174494961446979432787","305244018489192917409608593630631603069","41809346081521421567123361194553182027","278117143197125094278457130682227281567","272109959512841651563474237611693315635","229925794698816309393890027718974315705","325425147445178073335267464368197574970","220064779684513928966285416267005015911","213500763534874751538726032937679140349","260089374671673115667396202804984069184","318710542445696251228558220296228734594","105078868016917354292128857633993782483"],"threshold":0.9},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Line","id":"CVE-2017-15365-7c67c8a6","deprecated":false},{"target":{"file":"sql/sql_admin.cc","function":"Sql_cmd_optimize_table::execute"},"digest":{"function_hash":"25191156081915510437341816653408537171","length":943},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-87cee0f7","deprecated":false},{"target":{"file":"sql/sql_plugin.cc","function":"Sql_cmd_uninstall_plugin::execute"},"digest":{"function_hash":"317043907751517782494325057462675037235","length":426},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-8899e394","deprecated":false},{"target":{"file":"sql/sql_plugin.cc","function":"Sql_cmd_install_plugin::execute"},"digest":{"function_hash":"281906489402410424435013838783347156188","length":434},"signature_version":"v1","id":"CVE-2017-15365-8fe12de0","signature_type":"Function","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/events.cc","function":"Events::drop_event"},"digest":{"function_hash":"340075780324252718993224149534397800066","length":888},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Function","id":"CVE-2017-15365-95f1d4ed","deprecated":false},{"target":{"file":"sql/wsrep_mysqld.cc"},"digest":{"line_hashes":["225291589362795844107204274666632048023","69947428011776552930094402229231672859","36525049283362694075414147714184456968","125054980182175456092955645242391363919","83170739632096322856781489057438303322","294020110172378703539318048394979238292","69396802346198325946366047125162324550","14958922918265365937644591018626262628"],"threshold":0.9},"signature_version":"v1","id":"CVE-2017-15365-a19e5ff1","signature_type":"Line","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/sql_admin.cc","function":"Sql_cmd_check_table::execute"},"digest":{"function_hash":"251930910795379549046226921014611712142","length":733},"signature_version":"v1","id":"CVE-2017-15365-a233f722","signature_type":"Function","deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/event_data_objects.cc"},"digest":{"line_hashes":["9445645027427897318389279784351991844","87444934157594803502997278046451811121","168642665163784736974270184797232777216","82099996151664014416644330738062463880","272829302966075433290701918267687987954","53018175324844088271187787267686989289","306310327001560995259621411615300829613","138176057444522303513843507441557869369","110863210512714455066181538149603831554","162363930710182101563708158395046080095","216275540879309119547887464884848870991","326103304815071275075586492459181713480","5134074510500322221950659449014431694"],"threshold":0.9},"signature_version":"v1","id":"CVE-2017-15365-a325de97","signature_type":"Line","deprecated":false,"source":"https://github.com/mariadb/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"},{"target":{"file":"sql/sql_trigger.cc"},"digest":{"line_hashes":["184214807800023653690599266077536985900","19540602963804759423853066035327441277","188344967690280027980197387638500792233","201590030836001046874096562991782245694","314458541102700780728562254793812748399","285813487884419730202126322478948728731"],"threshold":0.9},"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1","signature_type":"Line","id":"CVE-2017-15365-ac13bca9","deprecated":false},{"target":{"file":"sql/sql_admin.cc","function":"Sql_cmd_repair_table::execute"},"digest":{"function_hash":"37128692526000630820145365270427454356","length":958},"id":"CVE-2017-15365-b90c414a","deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345"},{"target":{"file":"sql/event_data_objects.cc","function":"Event_job_data::execute"},"digest":{"function_hash":"92090847435171987634355350098869258426","length":2993},"signature_version":"v1","id":"CVE-2017-15365-bbea56f3","signature_type":"Function","deprecated":false,"source":"https://github.com/mariadb/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"},{"target":{"file":"sql/events.h"},"digest":{"line_hashes":["294405566040453937867853939188296883346","222269723502261650699623750124224197003","172550522525727973499568678818732546812"],"threshold":0.9},"deprecated":false,"source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_type":"Line","signature_version":"v1","id":"CVE-2017-15365-c3352525"},{"target":{"file":"sql/events.cc","function":"Events::create_event"},"digest":{"function_hash":"236735055241453407957720544094375894146","length":2104},"deprecated":false,"id":"CVE-2017-15365-c914e46f","signature_type":"Function","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1"},{"target":{"file":"sql/event_data_objects.cc"},"digest":{"line_hashes":["202326375134789616263798810587675522919","250932112856706140884162512513213551911","258127563941187261817540132560090445544","61699300462303355005960131325020547555","232466536121799891327859911517984188954","112534036721014254286343002214152613905","73253059242096609111837045749491560915","279589401598321479435951421185050753","276967271339984636067394473418338498919","146960422443563625101644622259914707780","115614399149152867422796321299267012328","221989803976748017490570800910354541674","330805928167328324930796805662450553419","301425414951296654148907296981708496490","22188435082487339861227711271995104631","249539360940561834190899446682836505865","34050660596769883482002027360544031030","44360714670567049667041323021851289823"],"threshold":0.9},"deprecated":false,"id":"CVE-2017-15365-eea9fe83","signature_type":"Line","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1"},{"target":{"file":"sql/event_data_objects.cc","function":"Event_job_data::execute"},"digest":{"function_hash":"82308716015560253635311026364021529214","length":3713},"deprecated":false,"id":"CVE-2017-15365-f3831c0a","signature_type":"Function","source":"https://github.com/percona/percona-xtradb-cluster/commit/35cdc81c1c5c3812fbccf49bd7454ac5b1c01345","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"26"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15365.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}