CVE-2017-3648
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A difficult-to-exploit vulnerability in MySQL Server's Charsets subcomponent allows a high-privileged attacker to cause a denial of service via network access.
Vulnerability
A vulnerability exists in the Charsets subcomponent of Oracle MySQL Server. Affected versions include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is difficult to exploit and requires high privileges and network access via multiple protocols.
Exploitation
An attacker must have high privileges (e.g., database administrator) and network access to the MySQL Server. The attack complexity is high, meaning successful exploitation requires specific conditions or timing. The attacker can use multiple protocols to trigger the vulnerability, leading to a hang or frequent crash of the server.
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the MySQL Server to hang or repeatedly crash. This impacts availability only; confidentiality and integrity are not affected. The CVSS v3 base score is 4.4 (Medium) with an availability impact of High.
Mitigation
Oracle has released patches as part of the July 2017 Critical Patch Update. Red Hat has provided updated packages via RHSA-2017:2787 and RHSA-2017:2886 [1][2]. Users should upgrade to MySQL versions 5.5.57, 5.6.37, 5.7.19, or later. No workarounds are documented; applying the patch is the recommended mitigation.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- osv-coords (3 versions), range: < 5.5.57-0.39.3.1 (+ 2 more)
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
- (no CPE), range: < 5.5.57-0.39.3.1
- (no CPE), range: < 5.5.57-0.39.3.1
- (no CPE), range: < 5.5.57-0.39.3.1
- Oracle Corporation/MySQL Server (v5), range: 5.5.56 and earlier
Patches
No patches discovered yet.
References
- www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2017/dsa-3922 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/99789 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038928 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:2787 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2017:2886 (nvd: Third Party Advisory)