{"id":"CVE-2017-3308","details":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","modified":"2026-04-11T04:14:28.875856Z","published":"2017-04-24T19:59:00.927Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2017:1137-1","SUSE-SU-2017:2034-1","SUSE-SU-2017:2035-1","SUSE-SU-2018:1853-1","openSUSE-SU-2024:11038-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2886"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0279"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3834"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3944"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97725"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0574"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038287"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2192"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2787"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"3806a323ce414fb3b425d762b9fbe08403432f2a"},{"introduced":"c235de12ae3723b96944337bd89ad9cc87f21d8f"},{"fixed":"acce1f37c2518278a31606c7f1b460ad0ac7347c"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"ca7cf69cb13285585922722063af888b957580ee"}],"database_specific":{"versions":[{"introduced":"10.0.0"},{"fixed":"10.0.31"},{"introduced":"10.1.0"},{"fixed":"10.1.23"},{"introduced":"10.2.0"},{"fixed":"10.2.6"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"54df0057e18d8c82c23fbd4e0bf5b5dc2e762955"},{"last_affected":"c8f0eeb9c8596be83fefb7fef9f9871e53edb020"},{"introduced":"0"},{"last_affected":"d61eb03ba1b8478d6cb09969ca6c38f330a93178"},{"introduced":"0"},{"last_affected":"23032807537d8dd8ee4ec1c4d40f0633cd4e12f9"},{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"54df0057e18d8c82c23fbd4e0bf5b5dc2e762955"},{"fixed":"6fa5e0814662d691be1a29bf88332348ec7c50c9"},{"introduced":"0"},{"last_affected":"ae41ce7c4ecff5e1e336ab768867370b8c94e02d"}],"database_specific":{"versions":[{"introduced":"5.5.0"},{"last_affected":"5.5.54"},{"introduced":"5.6.0"},{"last_affected":"5.6.35"},{"introduced":"5.7.0"},{"last_affected":"5.7.17"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"5.5.0"},{"fixed":"5.5.55"},{"introduced":"0"},{"last_affected":"7.5"}]}}],"versions":["mariadb-10.1.0","mariadb-10.1.10","mariadb-10.1.11","mariadb-10.1.12","mariadb-10.1.13","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.17","mariadb-10.1.18","mariadb-10.1.19","mariadb-10.1.2","mariadb-10.1.20","mariadb-10.1.21","mariadb-10.1.22","mariadb-10.1.3","mariadb-10.1.4","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.2","mariadb-10.2.5","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.5.15","mysql-5.5.19","mysql-5.5.23","mysql-5.5.25","mysql-5.5.27","mysql-5.5.44","mysql-5.5.47","mysql-5.5.49","mysql-5.5.54","mysql-5.6.35","mysql-5.7.17","mysql-8.0.0","mysql-cluster-7.5.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:14:28Z","vanir_signatures":[{"target":{"file":"client/mysqldump.c","function":"dump_events_for_db"},"digest":{"function_hash":"283872701544742768257779130745336628180","length":3056},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-0b2a382b"},{"target":{"file":"client/mysqldump.c","function":"write_header"},"digest":{"function_hash":"61031449315181416583737506107960987338","length":1749},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-0deb9fd5"},{"target":{"file":"storage/xtradb/fil/fil0crypt.cc"},"digest":{"threshold":0.9,"line_hashes":["204405456699725817686923450719053573643","159603287613222550353029239704715289605","227411037663010572806131362012136532147","174380789520269581628843953311720635844","279732681711711148257799929294137598264","105981295089450182223219343964947591985","180566767572234067908382521800899021942","100789308409354219857044795984080552873","12657995055198481240494383704100920759"]},"deprecated":false,"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_version":"v1","signature_type":"Line","id":"CVE-2017-3308-18d3e172"},{"target":{"file":"client/mysqldump.c","function":"dump_table"},"digest":{"function_hash":"273064814930547228481748278923107127025","length":9653},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-3566e59d"},{"target":{"file":"client/mysqldump.c","function":"init_dumping"},"digest":{"function_hash":"42526495682318897469202677931179336455","length":595},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-3dd1fd8a"},{"target":{"file":"client/mysqldump.c","function":"dump_routines_for_db"},"digest":{"function_hash":"229205966501763571287196631931031338507","length":3068},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-573a3d7b"},{"target":{"file":"storage/xtradb/fil/fil0crypt.cc","function":"fil_crypt_complete_rotate_space"},"digest":{"function_hash":"66545367234171178388402008407609466154","length":1360},"deprecated":false,"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-603393f7"},{"target":{"file":"client/mysqldump.c","function":"get_view_structure"},"digest":{"function_hash":"52340132320564584267245206336274565455","length":4417},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-89d625e9"},{"target":{"file":"client/mysqldump.c"},"digest":{"threshold":0.9,"line_hashes":["287840253208859831013181147116206525376","324136547317919813359352064277236333715","282430677639818099929617913825166653421","147139391803266763314761740611417390198","258802801894329452504020721432820698677","91138205289354102969073748767653790743","233493404795263154842363746119238816673","309355098527796234463986548578076187884","246521560388497353004885266086561128681","65595240965851819816944346960684994155","321094355807444156552637940556050534243","173566830439109051968149803806679781001","199290765851492278749490509745647329182","45989153402127012733139951888311868178","114416289830545276075284455762878229460","277119867620039162696505662519865168492","1406835726190704947481628521158899781","174614877685627249914600596442902313165","99127866680226208064705749248054614695","39471861491129910410498619482011041391","281380462612982588805056671783939902254","276555443743869160836284840037473276887","63704244798856370080746536556622922021","196970177491568200692872190131374048986","211909851172610884740259624997676708138","24854640261605884487014526616906487662","206025079568806760122742316187267806127","311871759366108697833006663439889249742","221096165144546299147742464005478717924","105220650397672059064628403102505049061","18628631760629166584977079678764798872","119656696777604396040253590625706193749","221096165144546299147742464005478717924","168602443676074510547085005830811337443","114424463055898619066660915433101962969","153916697495976485808117997579764618991","180695665933106799821938816193290640991","317750465811503273914953924986043255767","299148576020784136739117619416196108572","118157318188170081201040706357790495674","41102378010887911272271175550789649896","149518576500014602976768066358926314484","54189500566898801091712575313356035066","44002167410011708810019578410179393524","203679880670483351499138583783885028443","270476162896496040883649640857060526904","204451005490097465986732821480961200936","223608088947237646770529443703107663724","250724728853505500189006708705469851241","97779087057840683929947270035268598704","332940999390577626529849682776968183891","171433106859136870351199048718637400189","260127954252147593913051498861828999833","292556811704801901721130727931310806132","315481399744044133717527275946904624115","144450971157728465792195077319518344721","138134974382930509413378452785541640177","93139083326288700668774484888006665665"]},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Line","id":"CVE-2017-3308-ba0ccb33"},{"target":{"file":"storage/innobase/fil/fil0crypt.cc","function":"fil_crypt_complete_rotate_space"},"digest":{"function_hash":"66545367234171178388402008407609466154","length":1360},"deprecated":false,"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-cc23b5d3"},{"target":{"file":"client/mysqldump.c","function":"get_table_structure"},"digest":{"function_hash":"227475061533329738085031105100031106996","length":10937},"deprecated":false,"source":"https://github.com/mysql/mysql-server/commit/6fa5e0814662d691be1a29bf88332348ec7c50c9","signature_version":"v1","signature_type":"Function","id":"CVE-2017-3308-d56a3b4a"},{"target":{"file":"storage/innobase/fil/fil0crypt.cc"},"digest":{"threshold":0.9,"line_hashes":["204405456699725817686923450719053573643","159603287613222550353029239704715289605","227411037663010572806131362012136532147","174380789520269581628843953311720635844"]},"deprecated":false,"source":"https://github.com/mariadb/server/commit/acce1f37c2518278a31606c7f1b460ad0ac7347c","signature_version":"v1","signature_type":"Line","id":"CVE-2017-3308-f68a06a2"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3308.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}