CVE-2017-3291

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type

GIT

Repo

https://github.com/mariadb/server

Events

Introduced

776555af021e917ce0d6235386b43ae59fdd5161

Fixed

5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565

Introduced

c235de12ae3723b96944337bd89ad9cc87f21d8f

Fixed

f7d030489d2980c9deb733925515099ec256f6d2

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.29"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.21"
        }
    ]
}

Type

GIT

Repo

https://github.com/mysql/mysql-server

Events

Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Last affected

5c6169fb309981b564a17bee31b367a18866d674

Introduced

Last affected

eada4d562bda506163131233700ce5bdc0703a8f

Introduced

Last affected

c28e258157f39f25e044bb72e8bae1ff00989a3d

Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Fixed

c8f0eeb9c8596be83fefb7fef9f9871e53edb020

Introduced

Last affected

270fd3411e3d671a73ed9725940a30080f59ce6d

Introduced

Last affected

ae41ce7c4ecff5e1e336ab768867370b8c94e02d

Database specific

{
    "versions": [
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.53"
        },
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.34"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.16"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "fixed": "5.5.54"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.5"
        }
    ]
}

Affected versions

mariadb-10.*

mariadb-10.1.0

mariadb-10.1.10

mariadb-10.1.11

mariadb-10.1.12

mariadb-10.1.13

mariadb-10.1.14

mariadb-10.1.15

mariadb-10.1.16

mariadb-10.1.17

mariadb-10.1.18

mariadb-10.1.19

mariadb-10.1.2

mariadb-10.1.20

mariadb-10.1.3

mariadb-10.1.4

mariadb-10.1.5

mariadb-10.1.6

mariadb-10.1.7

mariadb-10.1.8

mariadb-10.1.9

mysql-3.*

mysql-3.23.22-beta

mysql-3.23.28-gamma

mysql-3.23.30-gamma

mysql-3.23.31

mysql-3.23.32

mysql-3.23.33

mysql-3.23.36

mysql-4.*

mysql-4.0.2

mysql-4.0.4

mysql-5.*

mysql-5.1.4

mysql-5.5.15

mysql-5.5.19

mysql-5.5.23

mysql-5.5.25

mysql-5.5.27

mysql-5.5.44

mysql-5.5.47

mysql-5.5.49

mysql-5.5.53

mysql-5.6.34

mysql-5.7.16

mysql-8.*

mysql-8.0.0

mysql-cluster-7.*

mysql-cluster-7.5.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]

vanir_signatures_modified

"2026-04-11T04:14:27Z"

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_calc_row_hash"
        },
        "id": "CVE-2017-3291-2235861b",
        "signature_type": "Function",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "function_hash": "326577626690167958606778565745841641029",
            "length": 1075.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_store_key_val_for_row"
        },
        "id": "CVE-2017-3291-76d7bb16",
        "signature_type": "Function",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "function_hash": "175766638502419520218478376205151830061",
            "length": 4678.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc"
        },
        "id": "CVE-2017-3291-d7841ca0",
        "signature_type": "Line",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "333910009814716899599761924093289489726",
                "161392224999518567510718607174078569010",
                "161097539754424727880941917296259394470",
                "86950865214847603434991963376525204394",
                "149603238303571009756227611135528613560",
                "246754121958178494555659751381354980297",
                "112180117738318881565344278433296106535",
                "56934855970519006216491266214889014278",
                "177233899003535037117533813868483428969",
                "91781135331166554714959393998795539181",
                "231826346572631787101747650932251996807",
                "120129231197026531763378830534168927209",
                "78750874032296690609296176761798461946",
                "37466225183381131843040316628502534513",
                "73966958620296014639090697993023755838",
                "302517151867660583156292446738041253690",
                "320251111942484271165771358375346713457",
                "137617643939518963627606737565894291194"
            ],
            "threshold": 0.9
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3291.json"