Medium severity4.3NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-3651

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-privileged attacker with network access can exploit mysqldump in MySQL Server 5.5.56/5.6.36/5.7.18 and earlier to perform unauthorized data modifications.

Vulnerability

The vulnerability resides in the MySQL Server component, specifically in the subcomponent Client mysqldump. Affected versions are Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier [1][2]. The issue is present in the MySQL client binary mysqldump and can be triggered remotely via multiple network protocols.

Exploitation

An attacker with low privileges and network access can compromise MySQL Server by exploiting the vulnerability via multiple protocols. The attack complexity is low, requires no user interaction, and can be performed over the network without special conditions beyond having a low-privileged account [1]. The specific attack vector or sequence of steps is not detailed in the available references.

Impact

Successful exploitation allows the attacker to gain unauthorized update, insert, or delete access to some of the MySQL Server accessible data. This impacts data integrity (CVSS v3 Base Score 4.3, Integrity impacts only); confidentiality and availability are not affected. The attacker does not gain full control or administrative privileges, only the ability to modify limited data [1].

Mitigation

Patches are available through vendor advisories and Red Hat errata. Fixed versions include MySQL 5.5.57, 5.6.37, 5.7.19 (Oracle Critical Patch Update July 2017) and corresponding Red Hat Enterprise Linux updates such as mariadb-5.5.56-2.el7 via RHSA-2017:2192 [1], mariadb-5.5.60-1.el7_5 via RHSA-2018:2439 [2], and other updates referenced in RHSA-2016:2928 [3] and RHSA-2017:2787 [4]. Users should upgrade to the latest patched versions for their distribution. No known workarounds are documented if the patch cannot be applied.

References

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

MariaDB/MariaDB
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Range: >=5.5.0,<5.5.53
Oracle Corporation/MySQL
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Range: >=5.5.0,<=5.5.56
Red Hat/Openstack
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus4 versions
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus3 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
osv-coords3 versions
pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 5.5.57-0.39.3.1+ 2 more
- (no CPE)range: < 5.5.57-0.39.3.1
- (no CPE)range: < 5.5.57-0.39.3.1
- (no CPE)range: < 5.5.57-0.39.3.1
Oracle Corporation/MySQL Serverv5
Range: 5.5.56 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdPatchVendor Advisory
rhn.redhat.com/errata/RHSA-2016-2927.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-2928.htmlnvdThird Party Advisory
www.debian.org/security/2017/dsa-3922nvdThird Party Advisory
www.securityfocus.com/bid/99802nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038928nvdBroken LinkThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2192nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2787nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2886nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2439nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2729nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000