Vulnerability-Lookup

CVE-2017-10283 (GCVE-0-2017-10283)

Vulnerability from cvelistv5 – Published: 2017-10-19 17:00 – Updated: 2024-10-04 16:55

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity ?

No CVSS data available.

CWE

Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

URL

Tags

	https://security.netapp.com/advisory/ntap-2017101…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:3265	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1039597	vdb-entryx_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:3442	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/101420	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Oracle Corporation	MySQL Server	Affected: 5.6.37 and earlier Affected: 5.7.19 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
          },
          {
            "name": "RHSA-2017:3265",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3265"
          },
          {
            "name": "1039597",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039597"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3442",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3442"
          },
          {
            "name": "101420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101420"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:45:53.292479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:55:27.649Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.37 and earlier"
            },
            {
              "status": "affected",
              "version": "5.7.19 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-13T10:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
        },
        {
          "name": "RHSA-2017:3265",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3265"
        },
        {
          "name": "1039597",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039597"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2017:3442",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3442"
        },
        {
          "name": "101420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.6.37 and earlier"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.7.19 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
            },
            {
              "name": "RHSA-2017:3265",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3265"
            },
            {
              "name": "1039597",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039597"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2017:3442",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3442"
            },
            {
              "name": "101420",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10283",
    "datePublished": "2017-10-19T17:00:00.000Z",
    "dateReserved": "2017-06-21T00:00:00.000Z",
    "dateUpdated": "2024-10-04T16:55:27.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20171019-0002/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3265\", \"name\": \"RHSA-2017:3265\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1039597\", \"name\": \"1039597\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3442\", \"name\": \"RHSA-2017:3442\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/101420\", \"name\": \"101420\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:33:16.924Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-10283\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T15:45:53.292479Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T15:47:35.973Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.6.37 and earlier\"}, {\"status\": \"affected\", \"version\": \"5.7.19 and earlier\"}]}], \"datePublic\": \"2017-10-17T00:00:00.000Z\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20171019-0002/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3265\", \"name\": \"RHSA-2017:3265\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securitytracker.com/id/1039597\", \"name\": \"1039597\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3442\", \"name\": \"RHSA-2017:3442\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securityfocus.com/bid/101420\", \"name\": \"101420\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2017-12-13T10:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"5.6.37 and earlier\", \"version_affected\": \"=\"}, {\"version_value\": \"5.7.19 and earlier\", \"version_affected\": \"=\"}]}, \"product_name\": \"MySQL Server\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20171019-0002/\", \"name\": \"https://security.netapp.com/advisory/ntap-20171019-0002/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3265\", \"name\": \"RHSA-2017:3265\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securitytracker.com/id/1039597\", \"name\": \"1039597\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3442\", \"name\": \"RHSA-2017:3442\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securityfocus.com/bid/101420\", \"name\": \"101420\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-10283\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-10283\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-04T16:55:27.649Z\", \"dateReserved\": \"2017-06-21T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2017-10-19T17:00:00.000Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2017-AVI-367

Vulnerability from certfr_avis - Published: 2017-10-18 - Updated: 2017-10-18

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Server versions 5.5.57 et antérieures
Oracle	MySQL	MySQL Server versions 5.7.19 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor 3.4.2.4181 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.37 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor 3.2.8.2223 et antérieures
Oracle	MySQL	MySQL Server versions 6.9.9 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor 3.3.4.3247 et antérieures

References

Title

Publication Time

GHSA-C3F4-7JG4-RRH2

Vulnerability from github – Published: 2022-05-17 00:15 – Updated: 2025-04-20 03:47

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-10283"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-19T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-c3f4-7jg4-rrh2",
  "modified": "2025-04-20T03:47:09Z",
  "published": "2022-05-17T00:15:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10283"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3265"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3442"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20171019-0002"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101420"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-32202

Vulnerability from cnvd - Published: 2017-10-30

Title

Oracle MySQL Server拒绝服务漏洞（CNVD-2017-32202）

Description

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。MySQL Server是其中的服务器组件。 Oracle MySQL中的MySQL Server组件5.6.37及之前的版本和5.7.19及之前的版本的Server: Performance Schema子组件存在安全漏洞。攻击者可利用该漏洞造成拒绝服务（组件挂起和频繁崩溃），影响数据的可用性。

Severity

低

Patch Name

Oracle MySQL Server拒绝服务漏洞（CNVD-2017-32202）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Reference

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Impacted products

Name
['Oracle MySQL Server <=5.6.37', 'Oracle MySQL Server <=5.7.19']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2017-10283"
      },
      {
        "cveNumber": "101420"
      }
    ]
  },
  "description": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7cfb\u7edf\u5177\u6709\u6027\u80fd\u9ad8\u3001\u6210\u672c\u4f4e\u3001\u53ef\u9760\u6027\u597d\u7b49\u7279\u70b9\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\nOracle MySQL\u4e2d\u7684MySQL Server\u7ec4\u4ef65.6.37\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548c5.7.19\u53ca\u4e4b\u524d\u7684\u7248\u672c\u7684Server: Performance Schema\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7ec4\u4ef6\u6302\u8d77\u548c\u9891\u7e41\u5d29\u6e83\uff09\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32202",
  "openTime": "2017-10-30",
  "patchDescription": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7cfb\u7edf\u5177\u6709\u6027\u80fd\u9ad8\u3001\u6210\u672c\u4f4e\u3001\u53ef\u9760\u6027\u597d\u7b49\u7279\u70b9\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\nOracle MySQL\u4e2d\u7684MySQL Server\u7ec4\u4ef65.6.37\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548c5.7.19\u53ca\u4e4b\u524d\u7684\u7248\u672c\u7684Server: Performance Schema\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7ec4\u4ef6\u6302\u8d77\u548c\u9891\u7e41\u5d29\u6e83\uff09\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle MySQL Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-32202\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle MySQL Server \u003c=5.6.37",
      "Oracle MySQL Server \u003c=5.7.19"
    ]
  },
  "referenceLink": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
  "serverity": "\u4f4e",
  "submitTime": "2017-10-18",
  "title": "Oracle MySQL Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-32202\uff09"
}

FKIE_CVE-2017-10283

Vulnerability from fkie_nvd - Published: 2017-10-19 17:29 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert_us@oracle.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch, Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/101420	Third Party Advisory, VDB Entry
secalert_us@oracle.com	http://www.securitytracker.com/id/1039597	Third Party Advisory, VDB Entry
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2017:3265
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2017:3442
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20171019-0002/
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101420	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039597	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:3265
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:3442
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20171019-0002/

Impacted products

Vendor	Product	Version
oracle	mysql	5.6.0
oracle	mysql	5.6.1
oracle	mysql	5.6.2
oracle	mysql	5.6.3
oracle	mysql	5.6.4
oracle	mysql	5.6.5
oracle	mysql	5.6.6
oracle	mysql	5.6.7
oracle	mysql	5.6.8
oracle	mysql	5.6.9
oracle	mysql	5.6.10
oracle	mysql	5.6.11
oracle	mysql	5.6.12
oracle	mysql	5.6.13
oracle	mysql	5.6.14
oracle	mysql	5.6.15
oracle	mysql	5.6.16
oracle	mysql	5.6.17
oracle	mysql	5.6.21
oracle	mysql	5.6.22
oracle	mysql	5.6.23
oracle	mysql	5.6.26
oracle	mysql	5.6.27
oracle	mysql	5.6.28
oracle	mysql	5.6.29
oracle	mysql	5.6.30
oracle	mysql	5.6.31
oracle	mysql	5.6.32
oracle	mysql	5.6.33
oracle	mysql	5.6.34
oracle	mysql	5.6.35
oracle	mysql	5.6.36
oracle	mysql	5.6.37
oracle	mysql	5.7.0
oracle	mysql	5.7.1
oracle	mysql	5.7.2
oracle	mysql	5.7.3
oracle	mysql	5.7.4
oracle	mysql	5.7.5
oracle	mysql	5.7.6
oracle	mysql	5.7.7
oracle	mysql	5.7.8
oracle	mysql	5.7.9
oracle	mysql	5.7.10
oracle	mysql	5.7.11
oracle	mysql	5.7.12
oracle	mysql	5.7.13
oracle	mysql	5.7.14
oracle	mysql	5.7.15
oracle	mysql	5.7.16
oracle	mysql	5.7.17
oracle	mysql	5.7.18
oracle	mysql	5.7.19

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0089EDF-4806-417D-A4F1-63FF03C5AEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "898A5CD5-83A5-4335-835F-759F82862753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C851FA0E-357E-4B9E-A441-9C74B3526B37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12FA18C-AB93-4522-AA2C-303342452E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD31981-E3ED-41D0-92EB-ABA7490D60E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E918FF1-8B40-4DC3-9269-1D3BFD18C58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCD7C2D-49E9-4D78-90CF-F747A1584269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7956E471-E98A-4527-A5F4-863210E09D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "615F499A-5C33-4E79-80FA-9A1453D8A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD40EA2-F432-4F89-9E59-0DB4D415CA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "41494A2D-4BBC-4C3B-841F-878C2430A444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A62DA4D8-27B4-4026-9035-75AC35F58439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6DF5346-DC9A-4615-BEAC-2F5FD57C3B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E948C884-E747-4E7C-B111-4A8DA22E421C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F933CF3-A850-4D3F-A16D-8129E246BF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "038D17E1-2932-4D47-A748-F8A1D46B6721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9028492-4114-4C9A-9E88-4B6C4FA6CC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B844437C-3D19-4F50-8FBC-B1D0BDDEC59E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F96B5EE-782E-444F-8CA2-D178CD26FB3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "5798742F-986C-4A46-8815-48003192EE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7081F919-3653-465F-8171-80FA4E5D5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB0F1D5-7355-4160-8C31-B109C6BA9BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF1373B-0F2A-402F-A402-D56CAEFB98EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0F977-D5B8-4528-9B57-4A9DEB500F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "1775D2BE-117C-447C-B934-3F24E387F981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D8DCD5-9E5C-433A-9737-5EA50B48EA92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "08D4C576-99EB-4890-B0BD-58F0DF60963E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "5037477B-FE67-4474-930A-50A2EE72E2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "00A47740-11D4-4C1C-9AD7-0DF600BD3A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB0B03F-A264-4113-8961-41C28333503A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "88127FDE-4695-4AC9-B6BA-F57149B2770D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "034D7BE0-14EA-4CCB-91DF-3B1A4A8AA78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.6.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD09E3CF-B900-4B0A-BFE7-8BADA709AD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "006CE9D3-B3EC-4E4A-91AB-DCD2A32A271F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "112BF532-FD22-4EFD-9D53-8999CB91FCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52D0C21-DDA9-43BC-BA88-38CAC12907F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B99FD46-71DF-464C-9E78-4B6F125B52BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DD8C71-3CE1-43D7-A7FE-33B39726262B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2149A153-FB6A-4833-B382-39B762249BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3238F3F7-13F0-49FE-BA3E-B6F6570A46EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E583CD-F1D5-43C0-9195-940BBB0C8650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "440D9A94-D9E8-41C7-8ADC-9EA7CA4001E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C2EBC1-A32C-4866-8B19-2612DCA74A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B09B320-E2C0-4B6B-846D-FCE5F65E4DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA6A107-9B65-43C0-9EBA-69D83987F570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "304EA995-F08B-4401-8736-515583E1027C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B3F4DB-9290-448F-A41F-4ACE1802EB80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA58E346-4DEE-4429-9B57-41C05EE258F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "62601284-98D9-403F-8270-300AE1AB8A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B210C1E-8220-40DA-9976-2BFE209DD6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "69905126-C49A-4C38-8C31-6E34CA4E8322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82934F3-6C0D-4002-9E77-22A88DECE9C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EF3DE1-DEF2-4AC0-8B36-0897402520A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente MySQL Server en Oracle MySQL (subcomponente: Server: Performance Schema). Las versiones compatibles que se han visto afectadas son la 5.6.37 y anteriores, y la 5.7.19 y anteriores. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante con un bajo nivel de privilegios que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar el bloqueo o cierre inesperado, frecuente y repetido (DoS completo) de MySQL Server. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
    }
  ],
  "id": "CVE-2017-10283",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T17:29:02.140",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101420"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039597"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:3265"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:3442"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:3265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:3442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-10283

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-10283

Aliases

CVE-2017-10283

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-10283",
    "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",
    "id": "GSD-2017-10283",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-10283.html",
      "https://access.redhat.com/errata/RHSA-2017:3442",
      "https://access.redhat.com/errata/RHSA-2017:3265",
      "https://ubuntu.com/security/CVE-2017-10283",
      "https://alas.aws.amazon.com/cve/html/CVE-2017-10283.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-10283"
      ],
      "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",
      "id": "GSD-2017-10283",
      "modified": "2023-12-13T01:21:14.367677Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2017-10283",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MySQL Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "5.6.37 and earlier"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "5.7.19 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
          },
          {
            "name": "RHSA-2017:3265",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3265"
          },
          {
            "name": "1039597",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039597"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2017:3442",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3442"
          },
          {
            "name": "101420",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101420"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.6.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10283"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "1039597",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039597"
            },
            {
              "name": "101420",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101420"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
            },
            {
              "name": "RHSA-2017:3265",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3265"
            },
            {
              "name": "RHSA-2017:3442",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3442"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-12-14T02:29Z",
      "publishedDate": "2017-10-19T17:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-10283 (GCVE-0-2017-10283)

CERTFR-2017-AVI-367

Solution

GHSA-C3F4-7JG4-RRH2

CNVD-2017-32202

FKIE_CVE-2017-10283

GSD-2017-10283

Tags

Sightings

Nomenclature