VYPR
Low severity (3.1) · NVD Advisory · Published Aug 8, 2017 · Updated May 13, 2026

CVE-2017-3653

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A difficult-to-exploit vulnerability in the MySQL Server DDL subcomponent allows low-privileged attackers to modify some data. It affects versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier.

Vulnerability

MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier contain a difficult-to-exploit vulnerability in the Server: DDL subcomponent. A low-privileged attacker with network access via multiple protocols can exploit this flaw, potentially resulting in unauthorized update, insert, or delete access to some MySQL Server accessible data [1][2][3][4].

Exploitation

An attacker must have low privileges (e.g., a valid database user account) and network access to the MySQL Server. The attack complexity is high, meaning successful exploitation likely requires additional conditions or precise timing. The vulnerable DDL code path is reachable via multiple network protocols, and triggering it leads to unauthorized data modification [1][2][3][4].

Impact

Successful exploitation results in limited integrity impact: the attacker can update, insert, or delete some data accessible to the MySQL server. No confidentiality or availability impact is described. The privilege level of the attacker remains low, and the scope of the compromise is unchanged (does not propagate to other components) [1][2][3][4].

Mitigation

Oracle has not released patches for the affected versions; the CVE was published in 2017. Red Hat has addressed this vulnerability in MariaDB (a MySQL fork) via RHSA-2017:2787, RHSA-2018:0279, RHSA-2018:0574, and RHSA-2018:2439, updating to versions like 5.5.60-1.el7_5 [1][2][3][4]. Users of Oracle MySQL should upgrade to a patched version if available (e.g., 5.7.19 or later), apply workarounds such as network access restrictions, or migrate to a fork with fixes. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

55

Patches

0

No patches discovered yet.

References

12
