PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3257 MARIADB CVE debrief

CVE-2017-3257 is a network-reachable availability issue in the InnoDB component of MySQL Server. A low-privileged attacker (PR:L in the CVSS vector, i.e. one who already holds some database privileges) can trigger a hang or a frequently repeatable crash, resulting in a denial of service. The CVE description names Oracle MySQL Server; the NVD record additionally maps MariaDB and Debian CPEs. The issue was published on 2017-01-27 and is not listed as a KEV item in the supplied data.

Vendor
MARIADB (as stored; the CVE description itself names Oracle MySQL Server)
Product
MySQL Server (InnoDB); MariaDB and Debian CPEs are also mapped in the NVD record
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-27
Original CVE updated
2026-05-13
Advisory published
2017-01-27
Advisory updated
2026-05-13

Who should care

Administrators and security teams running Oracle MySQL Server, especially instances exposing database access over the network, plus teams operating downstream packages or distributions that inherit the NVD-mapped CPEs.

Technical summary

The supplied CVE description places the flaw in the InnoDB subcomponent of MySQL Server and rates it as easily exploitable by a low-privileged attacker with network access via multiple protocols. Successful exploitation can cause a hang or a frequently repeatable crash of MySQL Server, producing a complete denial of service; confidentiality and integrity are not affected (C:N/I:N/A:H). The NVD CPE criteria mark Oracle MySQL 5.6.0 through 5.6.34 and 5.7.0 through 5.7.16 as affected; the record also carries MariaDB and Debian CPE mappings, for which this page lists no version ranges.

Defensive priority

Medium: prioritize if the database is network reachable, externally exposed, or supports critical production workloads. The impact is loss of service availability rather than data theft or code execution, but because the crash is described as repeatable, an attacker with any database account can keep the service down for as long as the flaw is unpatched.

Recommended defensive actions

  • Confirm whether your deployment matches the affected Oracle MySQL version ranges in the NVD CPE criteria (5.6.0 through 5.6.34, 5.7.0 through 5.7.16), for example by comparing the output of SELECT VERSION() against those ranges.
  • Review vendor and downstream advisories linked in the record and apply the relevant MySQL or distribution package update.
  • If immediate patching is not possible, reduce network exposure to the database service and restrict access to trusted administrators and application hosts.
  • Monitor for unexpected MySQL hangs or repeatable crashes and verify service restarts and failover behavior.
  • Validate whether any MariaDB or Debian-packaged deployments in your environment map to the NVD-listed affected CPEs before closing the ticket.
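The first, third and fifth actions above reduce to two checks that are easy to get wrong by hand: comparing a server's version string (which usually carries a build suffix such as -log or a distribution tag) against the affected ranges, and reading the effective network exposure out of my.cnf. The script below is an added example written for this page, not code from PatchSiren, Oracle or NVD. The version ranges are the ones quoted on this page from the NVD CPE criteria; the my.cnf samples are constructed for the example; and the treatment of a missing bind-address as "listens on all interfaces" assumes the documented MySQL 5.6/5.7 default. MariaDB builds are deliberately routed to a separate "check_mariadb" result because this page does not list MariaDB version ranges.

```python
"""Triage helpers for CVE-2017-3257: version-range check and my.cnf exposure check.

Added example (not from the original page). Affected ranges are the Oracle MySQL
ranges quoted on this page from the NVD CPE criteria.
"""
import re
from typing import Dict, Optional, Tuple

# Inclusive (low, high) ranges of (major, minor, patch) from the NVD CPE criteria.
AFFECTED_RANGES = (
    ((5, 6, 0), (5, 6, 34)),
    ((5, 7, 0), (5, 7, 16)),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
_KV_RE = re.compile(r"^\s*([A-Za-z0-9_\-]+)\s*(?:=\s*(.*?))?\s*$")


def parse_version(version_string: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a SELECT VERSION() string.

    Build suffixes such as '5.7.16-log' or '5.6.34-0ubuntu0.16.04.1' are ignored.
    Returns None when no leading x.y.z is present.
    """
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_string: str) -> str:
    """Classify a server version string against the NVD-listed ranges.

    'affected'      Oracle MySQL inside 5.6.0-5.6.34 or 5.7.0-5.7.16
    'not_affected'  Oracle MySQL outside those ranges
    'check_mariadb' a MariaDB build: NVD maps MariaDB CPEs, but no MariaDB
                    ranges are given here, so compare against the NVD record
    'unknown'       the string carries no recognisable x.y.z version
    """
    if "mariadb" in version_string.lower():
        return "check_mariadb"
    v = parse_version(version_string)
    if v is None:
        return "unknown"
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:
            return "affected"
    return "not_affected"


def network_exposure(mycnf_text: str) -> str:
    """Derive TCP exposure from the [mysqld] section of a my.cnf file.

    Returns 'tcp_disabled', 'localhost', 'all_interfaces' or the bound address.
    Assumption (documented 5.6/5.7 default): no bind-address means all interfaces.
    """
    section = None
    bind = None
    skip_networking = False
    for raw in mycnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        m = _KV_RE.match(line)
        if not m:
            continue
        key = m.group(1).replace("_", "-").lower()    # bind_address == bind-address
        val = (m.group(2) or "").strip()
        if key == "skip-networking" and val.lower() in ("", "1", "on", "true"):
            skip_networking = True
        elif key == "bind-address":
            bind = val
    if skip_networking:
        return "tcp_disabled"
    if bind is None or bind in ("*", "0.0.0.0", "::"):
        return "all_interfaces"
    if bind in ("127.0.0.1", "::1", "localhost"):
        return "localhost"
    return bind


def triage(version_string: str, mycnf_text: str) -> Dict[str, str]:
    """Combine both checks into the decision the 'Defensive priority' section asks for."""
    status = assess(version_string)
    exposure = network_exposure(mycnf_text)
    reachable = exposure not in ("tcp_disabled", "localhost")
    if status == "affected" and reachable:
        action = "patch_now"            # affected and reachable over the network
    elif status in ("affected", "check_mariadb"):
        action = "patch_scheduled"      # affected but local-only, or needs NVD lookup
    else:
        action = "no_action"
    return {"version": status, "exposure": exposure, "action": action}


# Constructed sample inputs, not taken from a real host.
SAMPLE_MYCNF = """[client]
port = 3306

[mysqld]
user = mysql
bind-address = 0.0.0.0   # accepts connections on every interface
"""
HARDENED_MYCNF = """[mysqld]
bind-address = 127.0.0.1
"""

if __name__ == "__main__":
    print(triage("5.7.16-log", SAMPLE_MYCNF))
    print(triage("5.7.16-log", HARDENED_MYCNF))
```

Run it against the real output of SELECT VERSION() and the server's actual configuration file; a "patch_scheduled" result for a localhost-only instance still warrants the update, because the "Defensive priority" section's medium rating assumes the attacker needs network reachability, and any account that can already connect locally can trigger the same crash.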

Evidence notes

All findings are drawn from the supplied CVE record and NVD metadata. The description states: low-privileged network attacker, multiple protocols, hang or repeatable crash, complete DoS, and affected Oracle MySQL Server 5.6.34 and earlier / 5.7.16 and earlier. NVD’s CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H with a 6.5 base score. The record also lists Oracle, Debian, Red Hat, and Gentoo references, plus additional MariaDB and Debian CPE mappings.

Official resources

Publicly disclosed in the supplied record on 2017-01-27T22:59:02.803Z; the source record was last modified on 2026-05-13T00:24:29.033Z. No CISA KEV entry is included in the supplied data.