CVE-2017-3302
mysql-5.5 - security update
7.5
HIGH
CVSS 3.1
EPSS 2.5%
Description
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
How to fix CVE-2017-3302
To remediate CVE-2017-3302, upgrade the affected package to a fixed version below.
- Alpine/mariadb—upgrade to 10.1.22-r0 or later
- Debian/mariadb-10.0—upgrade to 10.0.30-0+deb8u1 or later
- —upgrade to 5.5.54-0+deb7u2 or later
- —upgrade to 5.5.55-0+deb7u1 or later
- —upgrade to 5.5.55-0+deb8u1 or later
Is CVE-2017-3302 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 10.1.22-r0
- from 0, < 10.0.30-0+deb8u1
- from 0, < 5.5.54-0+deb7u2
- from 0, < 5.5.55-0+deb7u1
- from 0, < 5.5.55-0+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |