Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory x_refsource_REDHAT |
| http://www.securityfocus.com/bid/97776 | vdb-entry x_refsource_BID |
| http://www.securitytracker.com/id/1038287 | vdb-entry x_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory x_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3944 | vendor-advisory x_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory x_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3834 | vendor-advisory x_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory x_refsource_REDHAT |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory x_refsource_REDHAT x_transferred |
| http://www.securityfocus.com/bid/97776 | vdb-entry x_refsource_BID x_transferred |
| http://www.securitytracker.com/id/1038287 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | x_refsource_CONFIRM x_transferred |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory x_refsource_REDHAT x_transferred |
| http://www.debian.org/security/2017/dsa-3944 | vendor-advisory x_refsource_DEBIAN x_transferred |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory x_refsource_REDHAT x_transferred |
| http://www.debian.org/security/2017/dsa-3834 | vendor-advisory x_refsource_DEBIAN x_transferred |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory x_refsource_REDHAT x_transferred |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory x_refsource_REDHAT x_transferred |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Primary | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-noinfo | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3834 | secalert_us@oracle.com | Third Party Advisory |
| http://www.debian.org/security/2017/dsa-3944 | secalert_us@oracle.com | Third Party Advisory |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | secalert_us@oracle.com | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/97776 | secalert_us@oracle.com | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1038287 | secalert_us@oracle.com | Broken Link Third Party Advisory VDB Entry |
| https://access.redhat.com/errata/RHSA-2017:2192 | secalert_us@oracle.com | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2017:2787 | secalert_us@oracle.com | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2017:2886 | secalert_us@oracle.com | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2018:0279 | secalert_us@oracle.com | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2018:0574 | secalert_us@oracle.com | Third Party Advisory |
| http://www.debian.org/security/2017/dsa-3834 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.debian.org/security/2017/dsa-3944 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | af854a3a-2127-422b-91ae-364da2661108 | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/97776 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1038287 | af854a3a-2127-422b-91ae-364da2661108 | Broken Link Third Party Advisory VDB Entry |
| https://access.redhat.com/errata/RHSA-2017:2192 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2017:2787 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2017:2886 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2018:0279 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2018:0574 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |