CVE-2017-3636
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Low-privileged local attacker can read, modify, or delete MySQL data, or cause partial denial of service via client programs.
Vulnerability
A vulnerability exists in the MySQL Client programs component of Oracle MySQL. Affected versions are MySQL 5.5.56 and earlier, and 5.6.36 and earlier. The vulnerability is easily exploitable and requires low-privileged local access to the system where MySQL Server runs.
Exploitation
An attacker with logon access to the infrastructure where MySQL Server executes can exploit this vulnerability. No authentication is required beyond the initial low-privileged access. The attack can be performed locally without user interaction.
Impact
Successful exploitation allows an attacker to gain unauthorized read access to a subset of MySQL Server data, unauthorized update, insert, or delete access to some MySQL Server data, and the ability to cause a partial denial of service (partial DOS) of MySQL Server. The CVSS v3 base score is 5.3 (Medium) with impacts to confidentiality, integrity, and availability.
Mitigation
Oracle has not released a patch at the time of publication, but Red Hat has provided updates for affected versions in RHSA-2017:2787 [4], RHSA-2018:0279 [3], RHSA-2018:0574 [2], and RHSA-2018:2439 [1]. Users should upgrade to the fixed versions included in these advisories. No workarounds are available if patching is not possible.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
osv-coords (40 versions, no CPE)
- pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweed (range: < 10.6.4-2.1)
- pkg:rpm/suse/galera-3&distro=SUSE%20OpenStack%20Cloud%207 (range: < 25.3.23-8.3)
- pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 1.8.0-3.5.2)
- pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 1.8.0-3.5.2)
- pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 1.8.0-3.5.2)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (range: < 10.4.30-150100.3.5.10)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 10.4.30-8.5.46)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (range: < 10.4.30-150100.3.5.10)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 10.4.30-8.5.46)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (range: < 10.4.30-150100.3.5.10)
- pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 10.4.30-8.5.46)
- pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 3.1.22-2.35.1)
- pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 3.1.22-2.35.1)
- pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 3.1.22-2.35.1)
- pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%207 (range: < 3.0.3-1.3.3)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS (range: < 10.0.32-20.36.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (range: < 10.0.32-20.36.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (range: < 10.0.32-29.10.1)
- pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%207 (range: < 10.2.15-7.1)
- pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (range: < 5.5.57-0.39.3.1)
- pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (range: < 5.5.57-0.39.3.1)
- pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (range: < 5.5.57-0.39.3.1)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (range: < 1.4.6-150100.3.3.7)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 1.3.14-8.9.2)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (range: < 1.4.6-150100.3.3.7)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 1.3.14-8.9.2)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (range: < 1.4.6-150100.3.3.7)
- pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 1.3.14-8.9.2)
- pkg:rpm/suse/rubygem-mysql2&distro=SUSE%20OpenStack%20Cloud%207 (range: < 0.4.10-7.2)
- pkg:rpm/suse/xtrabackup&distro=SUSE%20OpenStack%20Cloud%207 (range: < 2.4.10-5.3)
- Oracle Corporation/MySQL Server (v5), range: 5.5.56 and earlier
Patches
No patches discovered yet.
References
- www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (nvd; Patch, Vendor Advisory)
- www.debian.org/security/2017/dsa-3922 (nvd; Third Party Advisory)
- www.debian.org/security/2017/dsa-3944 (nvd; Third Party Advisory)
- www.securityfocus.com/bid/99736 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038928 (nvd; Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:2787 (nvd; Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:0279 (nvd; Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:0574 (nvd; Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2439 (nvd; Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2729 (nvd; Third Party Advisory)
- www.debian.org/security/2017/dsa-3955 (nvd; Third Party Advisory)