CVE-2017-3652
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Oracle MySQL DDL vulnerability allows low-privileged network attackers to read and modify data in affected versions.
Vulnerability
The vulnerability is in the MySQL Server component of Oracle MySQL, subcomponent Server: DDL. Affected versions are MySQL 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier [1][2]. The vulnerability is difficult to exploit and requires low privileges.
Exploitation
The attacker must have network access via multiple protocols and low privileges on the MySQL Server. Exploitation is difficult (high complexity) and requires no user interaction, but the attacker must be authenticated. The specific attack vector is not fully detailed in the available references.
Impact
Successful exploitation could lead to unauthorized update, insert, or delete access to some MySQL Server accessible data, as well as unauthorized read access to a subset of data. This impacts both confidentiality and integrity, with a CVSS 3.0 Base Score of 4.2 (Medium).
Mitigation
Oracle has not released patches in the provided references. Red Hat has published errata RHSA-2017:2787 and RHSA-2017:2886, which likely include updated MySQL packages [1][2]. Affected users should apply the relevant updates from their vendor.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- osv-coords, 3 versions, range: < 5.5.57-0.39.3.1
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/mysql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
- (no CPE) range: < 5.5.57-0.39.3.1
- (no CPE) range: < 5.5.57-0.39.3.1
- (no CPE) range: < 5.5.57-0.39.3.1
- Oracle Corporation / MySQL Server (v5), range: 5.5.56 and earlier
Patches (0)
No patches discovered yet.
References (6)
- www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2017/dsa-3922 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/99805 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038928 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:2787 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2017:2886 (nvd: Third Party Advisory)