CVE-2017-3647

medium

Published 2017-08-08 · Modified 2026-05-13

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

4.4

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.4

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Predictions

Exploit likelihood

54%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description mysql: Server: Replication unspecified vulnerability (CPU Jul 2017) CVSS v3: 4.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Software Collections for Red Hat Enterprise Linux 6rh-mysql56-mysql-0:5.6.37-5.el6RHSA-2017:27872017-09-21T00:00:00Z Red Hat Software Collections for Red Hat Enterprise Linux…

Description

mysql: Server: Replication unspecified vulnerability (CPU Jul 2017)

CVSS v3: 4.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Software Collections for Red Hat Enterprise Linux 6	`rh-mysql56-mysql-0:5.6.37-5.el6`	RHSA-2017:2787	2017-09-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6	`rh-mysql57-mysql-0:5.7.19-6.el6`	RHSA-2017:2886	2017-10-12T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	`rh-mysql56-mysql-0:5.6.37-5.el6`	RHSA-2017:2787	2017-09-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	`rh-mysql57-mysql-0:5.7.19-6.el6`	RHSA-2017:2886	2017-10-12T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7	`rh-mysql56-mysql-0:5.6.37-5.el7`	RHSA-2017:2787	2017-09-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7	`rh-mysql57-mysql-0:5.7.19-6.el7`	RHSA-2017:2886	2017-10-12T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	`rh-mysql56-mysql-0:5.6.37-5.el7`	RHSA-2017:2787	2017-09-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	`rh-mysql57-mysql-0:5.7.19-6.el7`	RHSA-2017:2886	2017-10-12T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 5	`mysql55-mysql`	Not affected
Red Hat Enterprise Linux 6	`mysql`	Not affected
Red Hat Enterprise Linux 7	`mariadb`	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	`mariadb-galera`	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	`mariadb-galera`	Not affected
Red Hat OpenStack Platform 10 (Newton)	`mariadb-galera`	Not affected
Red Hat OpenStack Platform 11 (Ocata)	`mariadb-galera`	Not affected
Red Hat OpenStack Platform 12 (Pike)	`mariadb-galera`	Not affected
Red Hat OpenStack Platform 8 (Liberty)	`mariadb-galera`	Not affected
Red Hat OpenStack Platform 9 (Mitaka)	`mariadb-galera`	Not affected
Red Hat Software Collections	`rh-mariadb100-mariadb`	Not affected
Red Hat Software Collections	`rh-mariadb101-mariadb`	Not affected
Red Hat Software Collections	`rh-mariadb102-mariadb`	Not affected

Apply commands

bash fix

Apply RHSA-2017:2787 for Red Hat Software Collections for Red Hat Enterprise Linux 6

yum update -y rh-mysql56-mysql
# or:
dnf upgrade -y rh-mysql56-mysql

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 5	`Not affected`
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	`Not affected`
redhat	Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	`Not affected`
redhat	Red Hat OpenStack Platform 10 (Newton)	`Not affected`
redhat	Red Hat OpenStack Platform 11 (Ocata)	`Not affected`
redhat	Red Hat OpenStack Platform 12 (Pike)	`Not affected`
redhat	Red Hat OpenStack Platform 8 (Liberty)	`Not affected`
redhat	Red Hat OpenStack Platform 9 (Mitaka)	`Not affected`
redhat	Red Hat Software Collections	`Not affected`
redhat	Red Hat Software Collections	`Not affected`
redhat	Red Hat Software Collections	`Not affected`

OS impact

OS	Version	Status	Fixed in
sles		affected

Application impact

Vendor	Product	Versions	Fixed
oracle	mysql	`{"startIncluding":"5.6.0","endIncluding":"5.6.36"}`
oracle	mysql	`{"startIncluding":"5.7.0","endIncluding":"5.7.18"}`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.