CVE-2017-3238

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type

GIT

Repo

https://github.com/mariadb/server

Events

Introduced

776555af021e917ce0d6235386b43ae59fdd5161

Fixed

5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565

Introduced

c235de12ae3723b96944337bd89ad9cc87f21d8f

Fixed

f7d030489d2980c9deb733925515099ec256f6d2

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.29"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.21"
        }
    ]
}

Type

GIT

Repo

https://github.com/mysql/mysql-server

Events

Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Last affected

5c6169fb309981b564a17bee31b367a18866d674

Introduced

Last affected

eada4d562bda506163131233700ce5bdc0703a8f

Introduced

Last affected

c28e258157f39f25e044bb72e8bae1ff00989a3d

Introduced

Last affected

270fd3411e3d671a73ed9725940a30080f59ce6d

Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Fixed

c8f0eeb9c8596be83fefb7fef9f9871e53edb020

Introduced

Last affected

ae41ce7c4ecff5e1e336ab768867370b8c94e02d

Database specific

{
    "versions": [
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.53"
        },
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.34"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.54"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.5"
        }
    ]
}

Affected versions

mariadb-10.*

mariadb-10.1.0

mariadb-10.1.10

mariadb-10.1.11

mariadb-10.1.12

mariadb-10.1.13

mariadb-10.1.14

mariadb-10.1.15

mariadb-10.1.16

mariadb-10.1.17

mariadb-10.1.18

mariadb-10.1.19

mariadb-10.1.2

mariadb-10.1.20

mariadb-10.1.3

mariadb-10.1.4

mariadb-10.1.5

mariadb-10.1.6

mariadb-10.1.7

mariadb-10.1.8

mariadb-10.1.9

mysql-3.*

mysql-3.23.22-beta

mysql-3.23.28-gamma

mysql-3.23.30-gamma

mysql-3.23.31

mysql-3.23.32

mysql-3.23.33

mysql-3.23.36

mysql-4.*

mysql-4.0.2

mysql-4.0.4

mysql-5.*

mysql-5.1.4

mysql-5.5.15

mysql-5.5.19

mysql-5.5.23

mysql-5.5.25

mysql-5.5.27

mysql-5.5.44

mysql-5.5.47

mysql-5.5.49

mysql-5.5.53

mysql-5.6.34

mysql-5.7.16

mysql-8.*

mysql-8.0.0

mysql-cluster-7.*

mysql-cluster-7.5.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]

vanir_signatures_modified

"2026-04-11T04:59:37Z"

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_calc_row_hash"
        },
        "id": "CVE-2017-3238-2235861b",
        "signature_type": "Function",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "function_hash": "326577626690167958606778565745841641029",
            "length": 1075.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_store_key_val_for_row"
        },
        "id": "CVE-2017-3238-76d7bb16",
        "signature_type": "Function",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "function_hash": "175766638502419520218478376205151830061",
            "length": 4678.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc"
        },
        "id": "CVE-2017-3238-d7841ca0",
        "signature_type": "Line",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "333910009814716899599761924093289489726",
                "161392224999518567510718607174078569010",
                "161097539754424727880941917296259394470",
                "86950865214847603434991963376525204394",
                "149603238303571009756227611135528613560",
                "246754121958178494555659751381354980297",
                "112180117738318881565344278433296106535",
                "56934855970519006216491266214889014278",
                "177233899003535037117533813868483428969",
                "91781135331166554714959393998795539181",
                "231826346572631787101747650932251996807",
                "120129231197026531763378830534168927209",
                "78750874032296690609296176761798461946",
                "37466225183381131843040316628502534513",
                "73966958620296014639090697993023755838",
                "302517151867660583156292446738041253690",
                "320251111942484271165771358375346713457",
                "137617643939518963627606737565894291194"
            ],
            "threshold": 0.9
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3238.json"