Medium severity6.6NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2017-3600

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected products

MariaDB/MariaDB
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Range: >=5.5.0,<5.5.53
Oracle Corporation/MySQL
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Range: >=5.5.0,<=5.5.54
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus3 versions
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Oracle Corporation/MySQL Serverv5
Range: 5.5.54 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlnvdPatchVendor Advisory
rhn.redhat.com/errata/RHSA-2016-2927.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-2928.htmlnvdThird Party Advisory
www.debian.org/security/2017/dsa-3834nvdThird Party Advisory
www.securityfocus.com/bid/97765nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038287nvdBroken LinkThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2192nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2787nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2886nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000