PatchSiren

CVE-2017-3319 Oracle CVE debrief

CVE-2017-3319 is a low-severity information disclosure issue in Oracle MySQL Server’s X Plugin component. Oracle’s description says a low-privileged attacker with network access could compromise affected MySQL Server deployments and obtain unauthorized read access to a subset of MySQL Server accessible data. The affected range in the record is MySQL 5.7.16 and earlier.

Vendor: Oracle
Product: CVE-2017-3319
CVSS: LOW 3.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

MySQL administrators, database platform teams, and security owners running Oracle MySQL Server 5.7.16 or earlier, especially where the X Plugin is enabled or the server is reachable from untrusted networks.

Technical summary

The NVD record classifies this as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with CVSS 3.0 vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is described in the MySQL Server component, subcomponent X Plugin, and affects supported versions up to and including 5.7.16. The expected impact is limited confidentiality loss: unauthorized read access to a subset of accessible MySQL Server data.

Defensive priority

Low, but patch promptly if the affected MySQL version is deployed on exposed or semi-trusted networks.

Recommended defensive actions

  • Upgrade Oracle MySQL Server to a vendor-fixed release that addresses CVE-2017-3319, using Oracle’s January 2017 Critical Patch Update guidance.
  • Review whether the MySQL X Plugin is required; if it is not needed, disable or remove exposure according to your standard hardening process.
  • Restrict network reachability to MySQL services so only trusted hosts can connect.
  • Apply least-privilege account design and reduce the number of accounts that can reach the service over the network.
  • If you use downstream vendor packages, verify that the distribution errata or security advisory for this CVE has been applied.
  • Monitor for unusual read activity or unexpected access to sensitive schemas and tables on affected instances.
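
One way to turn the actions above into a per-server triage check, as an added example that is not part of the original debrief or of Oracle's guidance. The function names, priority labels and inventory rows are constructed for illustration; the version boundary is the 5.7.16 stated in the CVE record, and the two queries are read-only lookups against standard MySQL metadata.

```python
import re

# Read-only queries an administrator can run to collect the inputs used below.
COLLECT_SQL = (
    "SELECT VERSION();",
    "SELECT PLUGIN_STATUS FROM information_schema.PLUGINS "
    "WHERE PLUGIN_NAME = 'mysqlx';",
)

LAST_AFFECTED = (5, 7, 16)  # "5.7.16 and earlier" per the CVE record


def parse_version(text):
    """Extract (major, minor, patch) from VERSION() output, ignoring suffixes."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(map(int, m.groups())) if m else None


def triage(version_text, mysqlx_status, untrusted_reachable):
    """Return (priority, actions) for one server.

    mysqlx_status is the PLUGIN_STATUS value, or None when the query
    returns no row (X Plugin not installed). Labels are hypothetical.
    """
    version = parse_version(version_text)
    if version is None:
        return "manual-review", ["confirm the server version by hand"]
    if version > LAST_AFFECTED:  # numeric compare, so 5.7.9 < 5.7.16
        return "none", []
    actions = ["upgrade to a vendor-fixed release"]
    if mysqlx_status == "ACTIVE":
        actions.append("review whether the X Plugin is required")
    if untrusted_reachable:
        actions.append("restrict network reachability to trusted hosts")
    return ("prompt" if untrusted_reachable else "low"), actions


# Constructed rows: (host, VERSION() output, mysqlx status, reachable from untrusted networks)
SAMPLE = [
    ("db-a", "5.7.16-log", "ACTIVE", True),
    ("db-b", "5.7.9", None, False),
    ("db-c", "5.7.17-0ubuntu0.16.04.1", "ACTIVE", True),
    ("db-d", "unknown", None, True),
]

if __name__ == "__main__":
    for host, ver, status, reachable in SAMPLE:
        print(host, *triage(ver, status, reachable))
```

A server on a downstream package whose version falls inside the range still needs the distribution errata check from the list above before it is treated as unpatched.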

Evidence notes

This debrief is based on the supplied NVD CVE record and its metadata. The record states the vulnerable product scope (Oracle MySQL Server, X Plugin), affected versions (5.7.16 and earlier), attack characteristics (network access, low privileges, difficult to exploit), and impact (unauthorized read access to a subset of server data). The NVD metadata also lists CWE-200 and the CVSS 3.0 vector AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. Reference links in the record point to Oracle’s January 2017 CPU advisory, plus Red Hat and Gentoo downstream advisories.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-01-27; the record references Oracle’s January 2017 CPU advisory.