{ "threat_severity" : "Low", "public_date" : "2017-01-27T00:00:00Z", "bugzilla" : { "description" : "mysql: prepared statement handle use-after-free after disconnect", "id" : "1422119", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422119" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", "A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHSA-2017:2192", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "mariadb-1:5.5.56-2.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2017-09-21T00:00:00Z", "advisory" : "RHSA-2017:2787", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-mysql56-mysql-0:5.6.37-5.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-02-06T00:00:00Z", "advisory" : "RHSA-2018:0279", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb100-mariadb-1:10.0.33-3.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb101-galera-0:25.3.12-12.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb101-mariadb-1:10.1.29-3.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2017-09-21T00:00:00Z", "advisory" : "RHSA-2017:2787", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-mysql56-mysql-0:5.6.37-5.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-02-06T00:00:00Z", "advisory" : "RHSA-2018:0279", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb100-mariadb-1:10.0.33-3.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb101-galera-0:25.3.12-12.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb101-mariadb-1:10.1.29-3.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2017-09-21T00:00:00Z", "advisory" : "RHSA-2017:2787", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-mysql56-mysql-0:5.6.37-5.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-02-06T00:00:00Z", "advisory" : "RHSA-2018:0279", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb100-mariadb-1:10.0.33-3.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-galera-0:25.3.12-12.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-mariadb-1:10.1.29-3.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2017-09-21T00:00:00Z", "advisory" : "RHSA-2017:2787", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-mysql56-mysql-0:5.6.37-5.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-02-06T00:00:00Z", "advisory" : "RHSA-2018:0279", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb100-mariadb-1:10.0.33-3.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-galera-0:25.3.12-12.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-mariadb-1:10.1.29-3.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-02-06T00:00:00Z", "advisory" : "RHSA-2018:0279", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb100-mariadb-1:10.0.33-3.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-galera-0:25.3.12-12.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-03-21T00:00:00Z", "advisory" : "RHSA-2018:0574", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb101-mariadb-1:10.1.29-3.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "mysql55-mysql", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "mysql", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:5::el6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:7" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 11 (Ocata)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:11" }, { "product_name" : "Red Hat OpenStack Platform 12 (Pike)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:12" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:9" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Not affected", "package_name" : "rh-mysql57-mysql", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-3302\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3302" ], "name" : "CVE-2017-3302", "csaw" : false }