CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type: GIT
Repo: https://github.com/mariadb/server
Events: Introduced

776555af021e917ce0d6235386b43ae59fdd5161

Fixed

5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565

Introduced

c235de12ae3723b96944337bd89ad9cc87f21d8f

Fixed

f7d030489d2980c9deb733925515099ec256f6d2

Introduced

f954e4bfae9a9723d33e05e4035e3c5a5e8d43d9

Fixed

ec6d8dadc01269451332e5b24b12a5350a2a4896

Affected versions

mariadb-10.*

mariadb-10.0.13

mariadb-10.0.14

mariadb-10.0.15

mariadb-10.0.16

mariadb-10.0.17

mariadb-10.0.18

mariadb-10.0.19

mariadb-10.0.20

mariadb-10.0.21

mariadb-10.0.22

mariadb-10.0.23

mariadb-10.0.24

mariadb-10.0.25

mariadb-10.0.26

mariadb-10.0.27

mariadb-10.0.28

mariadb-10.0.29

mariadb-10.1.0

mariadb-5.*

mariadb-5.5.39

mariadb-5.5.40

mariadb-5.5.41

mariadb-5.5.42

mariadb-5.5.43

mariadb-5.5.44

mariadb-5.5.45

mariadb-5.5.46

mariadb-5.5.47

mariadb-5.5.48

mariadb-5.5.49

mariadb-5.5.50

mariadb-5.5.51

mariadb-5.5.52

mariadb-5.5.53

mariadb-5.5.54

mariadb-galera-10.*

mariadb-galera-10.0.10

mariadb-galera-10.0.11

mariadb-galera-10.0.12

mariadb-galera-10.0.13

mariadb-galera-10.0.14

mariadb-galera-10.0.15

mariadb-galera-10.0.16

mariadb-galera-10.0.17

mariadb-galera-10.0.19

mariadb-galera-10.0.20

mariadb-galera-10.0.21

mariadb-galera-10.0.22

mariadb-galera-10.0.23

mariadb-galera-10.0.24

mariadb-galera-10.0.25

mariadb-galera-10.0.26

mariadb-galera-10.0.27

mariadb-galera-10.0.28

mariadb-galera-10.0.7

mariadb-galera-10.0.7a

mariadb-galera-5.*

mariadb-galera-5.5.25

mariadb-galera-5.5.28a

mariadb-galera-5.5.29

mariadb-galera-5.5.32

mariadb-galera-5.5.32a

mariadb-galera-5.5.34

mariadb-galera-5.5.35

mariadb-galera-5.5.36

mariadb-galera-5.5.36a

mariadb-galera-5.5.37

mariadb-galera-5.5.38

mariadb-galera-5.5.39

mariadb-galera-5.5.40

mariadb-galera-5.5.41

mariadb-galera-5.5.42

mariadb-galera-5.5.43

mariadb-galera-5.5.44

mariadb-galera-5.5.45

mariadb-galera-5.5.46

mariadb-galera-5.5.47

mariadb-galera-5.5.48

mariadb-galera-5.5.49

mariadb-galera-5.5.50

mariadb-galera-5.5.51

mysql-5.*

mysql-5.5.39

mysql-5.5.40

mysql-5.5.41

mysql-5.5.42

mysql-5.5.43

mysql-5.5.44

mysql-5.5.45

mysql-5.5.46

mysql-5.5.47

mysql-5.5.48

mysql-5.5.49

mysql-5.5.50

mysql-5.5.51

mysql-5.5.52

mysql-5.5.53

mysql-5.5.54

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3312.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "110476974363545998578908701767776289249",
                "273829603880621959453121196915995003208",
                "272651897101448574504321173220526278056",
                "101067086018716534944710799067966718979",
                "156157766317088195883941185698541658215",
                "252456698466909650226976198023719340148",
                "145614537797552145300398816624862030281",
                "77208543113951532544387081806008385078",
                "288396136368601660375584450919171545234",
                "183434757643369183402139629237367263838",
                "233157255990452243775235344983471018546",
                "188751487140915611334454463849252489410",
                "252462684064816368296321058806034439684",
                "307098061759343067405645946303872718836",
                "214376391898797245055281648625328889739",
                "245021762340980165202144694676878157613",
                "263402790790463611858093480743074015920",
                "203233127377842720116288925258250585074",
                "155399327407118826417293143762587199135",
                "243409645841800168870356497163238873197"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-0baf8993",
        "deprecated": false,
        "target": {
            "file": "sql/sql_parse.cc"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "function_hash": "143537602743541475551221605603161948409",
            "length": 20792.0
        },
        "id": "CVE-2017-3312-11370427",
        "deprecated": false,
        "target": {
            "file": "sql/sql_table.cc",
            "function": "mysql_prepare_create_table"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "digest": {
            "function_hash": "326577626690167958606778565745841641029",
            "length": 1075.0
        },
        "id": "CVE-2017-3312-2235861b",
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_calc_row_hash"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "191365949426779725766789603426499993246",
                "278019233043855333150431390455102723751",
                "295308575304819897491637281605582339132",
                "316141643622374384017115069859567416238"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-23a2be41",
        "deprecated": false,
        "target": {
            "file": "sql/sql_parse.h"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "265325526143814603973792993310300959077",
                "134271306182046391197704199376718527742",
                "234053894392742200605772680322683230100",
                "331651524179688659328434200080440792991",
                "206372030164076775229126100793501833854",
                "146666323041243955687203765021208690627",
                "5119821929170601859101199426480974918",
                "38432167527863191290005553977007074711",
                "293867664051682534000806495790057554206"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-3896541e",
        "deprecated": false,
        "target": {
            "file": "sql/sql_table.cc"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "function_hash": "86787608855330484794596027923177671555",
            "length": 413.0
        },
        "id": "CVE-2017-3312-64f09d1a",
        "deprecated": false,
        "target": {
            "file": "sql/sp_head.cc",
            "function": "check_routine_name"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "digest": {
            "function_hash": "175766638502419520218478376205151830061",
            "length": 4678.0
        },
        "id": "CVE-2017-3312-76d7bb16",
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc",
            "function": "wsrep_store_key_val_for_row"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "function_hash": "319605949545786425931899991223020281209",
            "length": 2231.0
        },
        "id": "CVE-2017-3312-b1e5246e",
        "deprecated": false,
        "target": {
            "file": "sql/event_db_repository.cc",
            "function": "Event_db_repository::create_event"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "26525096429559620866166556133688827897",
                "129500045865988016829211755681721458305",
                "247957907955429552848479655247159269668",
                "248691127989690324911143650852968838442",
                "249300590893379082946680066731077073626",
                "100859979469401964751148185679756391842",
                "155165660543301505295153545096856197609",
                "207006434850460208329635997276720901369",
                "4803520273459365740944417050049399744",
                "158561013993746021030031899712532734081",
                "136191223334164894535914729232458150659",
                "1074636894305862858336170024599283008",
                "173789926310060903198036442521100101621",
                "83624861320576465906670100335703390668",
                "250650050566756094956523563893860459947",
                "39864383845067350777116726340555535098",
                "280759529333537899701916166374408421496",
                "9660230519094929247504475558031211455"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-b492d286",
        "deprecated": false,
        "target": {
            "file": "sql/event_db_repository.cc"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "106367794982321222823661970928717070140",
                "287918171444798188919272691410834246374",
                "32263278779709520677274153452751045440",
                "85849136071385494937256123826039305613",
                "109655129547388763572068534304025775703",
                "327539203967464237571321394143350615260",
                "337748003959843701096340016276144492632",
                "119258988697698457769296765622298402469",
                "335773210269915846850055826690417498712"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-b5186f58",
        "deprecated": false,
        "target": {
            "file": "sql/sp_head.cc"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "line_hashes": [
                "42074478750849569526598712771434739087",
                "301582172835096388796895491772193473281",
                "86887952283032989431239451409891269947",
                "119870690091251235158218428258861323094",
                "177447429887106170945355852386248803933",
                "86075442175389991038865413467493574311",
                "274646913374922228618584592203619750529",
                "67515203747798400604251782754291553286",
                "244893465238956798710697810024913192313"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-bb4c0188",
        "deprecated": false,
        "target": {
            "file": "sql/sql_udf.cc"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "function_hash": "144133544052487356972448319223608512920",
            "length": 3701.0
        },
        "id": "CVE-2017-3312-c77b31e2",
        "deprecated": false,
        "target": {
            "file": "sql/sql_udf.cc",
            "function": "mysql_create_function"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/5fc1ba604e27b7d9eaa2977ef5b0c180f6f62565",
        "digest": {
            "line_hashes": [
                "333910009814716899599761924093289489726",
                "161392224999518567510718607174078569010",
                "161097539754424727880941917296259394470",
                "86950865214847603434991963376525204394",
                "149603238303571009756227611135528613560",
                "246754121958178494555659751381354980297",
                "112180117738318881565344278433296106535",
                "56934855970519006216491266214889014278",
                "177233899003535037117533813868483428969",
                "91781135331166554714959393998795539181",
                "231826346572631787101747650932251996807",
                "120129231197026531763378830534168927209",
                "78750874032296690609296176761798461946",
                "37466225183381131843040316628502534513",
                "73966958620296014639090697993023755838",
                "302517151867660583156292446738041253690",
                "320251111942484271165771358375346713457",
                "137617643939518963627606737565894291194"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-3312-d7841ca0",
        "deprecated": false,
        "target": {
            "file": "storage/xtradb/handler/ha_innodb.cc"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mariadb/server/commit/ec6d8dadc01269451332e5b24b12a5350a2a4896",
        "digest": {
            "function_hash": "311513021183552121159028578734787996705",
            "length": 104833.0
        },
        "id": "CVE-2017-3312-f24d0f46",
        "deprecated": false,
        "target": {
            "file": "sql/sql_parse.cc",
            "function": "prepare_schema_table"
        }
    }
]

Git / github.com/mysql/mysql-server

Affected ranges

Type: GIT
Repo: https://github.com/mysql/mysql-server
Events: Introduced

54df0057e18d8c82c23fbd4e0bf5b5dc2e762955

Fixed

c8f0eeb9c8596be83fefb7fef9f9871e53edb020

Affected versions

mysql-5.*

mysql-5.0.87sp1

mysql-5.0.90

mysql-5.0.91

mysql-5.0.92

mysql-5.0.93

mysql-5.0.94

mysql-5.0.95

mysql-5.0.96

mysql-5.1.40sp1

mysql-5.1.41

mysql-5.1.42

mysql-5.1.43

mysql-5.1.43sp1

mysql-5.1.44

mysql-5.1.45

mysql-5.1.46

mysql-5.1.46sp1

mysql-5.1.47

mysql-5.1.48

mysql-5.1.49

mysql-5.1.49sp1

mysql-5.1.50

mysql-5.1.51

mysql-5.1.52

mysql-5.1.52sp1

mysql-5.1.53

mysql-5.1.54

mysql-5.1.55

mysql-5.1.56

mysql-5.1.57

mysql-5.1.58

mysql-5.1.59

mysql-5.1.60

mysql-5.1.61

mysql-5.1.62

mysql-5.1.63

mysql-5.1.65

mysql-5.1.66

mysql-5.1.67

mysql-5.1.68

mysql-5.1.69

mysql-5.1.69-retag

mysql-5.1.70

mysql-5.1.71

mysql-5.1.72

mysql-5.1.73

mysql-5.1.74

mysql-5.1.75

mysql-5.1.76

mysql-5.1.77

mysql-5.5.0

mysql-5.5.1-m2

mysql-5.5.10

mysql-5.5.11

mysql-5.5.12

mysql-5.5.13

mysql-5.5.14

mysql-5.5.15

mysql-5.5.16

mysql-5.5.17

mysql-5.5.18

mysql-5.5.19

mysql-5.5.2-m2

mysql-5.5.20

mysql-5.5.21

mysql-5.5.22

mysql-5.5.23

mysql-5.5.24

mysql-5.5.25

mysql-5.5.25a

mysql-5.5.27

mysql-5.5.28

mysql-5.5.29

mysql-5.5.3-m3

mysql-5.5.30

mysql-5.5.31

mysql-5.5.32

mysql-5.5.33

mysql-5.5.34

mysql-5.5.35

mysql-5.5.36

mysql-5.5.37

mysql-5.5.38