Medium severity5.3NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2017-3305

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".

Affected products

Oracle Corporation/MySQL
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Range: >=5.5.0,<=5.5.55
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Oracle Corporation/MySQL Serverv5
Range: 5.5.55 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlnvdPatchVendor Advisory
riddle.linknvdThird Party Advisory
www.debian.org/security/2017/dsa-3834nvdThird Party Advisory
www.openwall.com/lists/oss-security/2017/03/17/3nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/97023nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038287nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2787nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000