VYPR
Medium severity · 4.9 · NVD Advisory · Published Aug 8, 2017 · Updated May 13, 2026

CVE-2017-3641

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A high-privileged attacker with network access can trigger a hang or crash of MySQL Server via the DML component in versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier.

Vulnerability

The vulnerability resides in the DML (Data Manipulation Language) subcomponent of MySQL Server. Affected versions are Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier [description]. Exploitation requires high privileges on the server and no access beyond that, and the vulnerability can be triggered over the network via multiple protocols [description].

Exploitation

An attacker requires high-level privileges (such as those of a database administrator) on the MySQL server. The attacker can send crafted DML statements over the network to the server. Successful exploitation leads to a hang or frequently repeatable crash of the MySQL server, causing a complete denial of service [description]. No user interaction is required for the attack [description].

Impact

Successful exploitation results in a denial of service condition where the MySQL server becomes unresponsive or crashes repeatedly. The impact is limited to availability (CIA: Availability only), with no impact on confidentiality or integrity. The CVSS v3 base score is 4.9 (Medium), with an availability impact of High [description].

Mitigation

Oracle released patches as part of the July 2017 Critical Patch Update. Red Hat published errata RHSA-2017:2787, RHSA-2018:0279, RHSA-2018:0574, and RHSA-2018:2439 to address this issue across various Red Hat Enterprise Linux versions [1][2][3][4]. Users should upgrade to the fixed versions provided in those advisories. As of the available references, no workarounds are documented. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
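
To triage an inventory against the affected ranges in the description, the following added example (not part of the advisory or of any Oracle or Red Hat tooling) classifies version strings such as those returned by `SELECT VERSION()`. The function names, host names and sample version strings are constructed for illustration.

```python
import re

# Upper bounds per release series, from the CVE description:
# 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier.
AFFECTED_MAX_PATCH = {(5, 5): 56, (5, 6): 36, (5, 7): 18}
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Classify a server version string as 'affected', 'outside-range' or 'unknown'."""
    # Forks number their releases independently of Oracle MySQL, so the
    # bounds above say nothing about them (e.g. "5.5.5-10.1.26-MariaDB").
    if "mariadb" in version_string.lower():
        return "unknown"
    match = _VERSION_RE.match(version_string)
    if match is None:
        return "unknown"
    major, minor, patch = (int(part) for part in match.groups())
    limit = AFFECTED_MAX_PATCH.get((major, minor))
    if limit is None:
        # Series not named in the description: do not guess either way.
        return "unknown"
    return "affected" if patch <= limit else "outside-range"


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is in an affected range."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed inventory: host names and version strings are sample data.
SAMPLE_INVENTORY = {
    "db-01.example": "5.7.18-log",
    "db-02.example": "5.7.19-0ubuntu0.16.04.1",
    "db-03.example": "5.6.36",
    "db-04.example": "5.5.5-10.1.26-MariaDB",
    "db-05.example": "8.0.11",
    "db-06.example": "5.5.57-enterprise-commercial-advanced",
}

if __name__ == "__main__":
    for host, version in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:16} {version:40} {classify(version)}")
```

A version string is only a first pass: distribution packages can carry backported fixes, so hosts flagged here should be confirmed against the vendor advisory for the installed package.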
