PatchSiren cyber security CVE debrief

CVE-2017-3320 Oracle CVE debrief

CVE-2017-3320 is a low-severity Oracle MySQL Server vulnerability in the Server: Security: Encryption subcomponent. Oracle and NVD describe it as affecting MySQL Server 5.7.16 and earlier, with remote network access through multiple protocols, high privileges, and human interaction required for a successful attack. The documented impact is limited to unauthorized read access to a subset of MySQL Server-accessible data.

Vendor: Oracle
Product: CVE-2017-3320
CVSS: LOW 2.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Oracle MySQL Server installations, especially systems running 5.7.16 or earlier and environments that allow remote administrative access or depend on encryption-related server features.

Technical summary

NVD’s CVSS v3.0 vector is AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N, reflecting a network-reachable issue that still requires high privileges and user interaction. The listed impact is confidentiality-only: unauthorized read access to a subset of MySQL Server-accessible data. No integrity or availability impact is indicated in the supplied record.

Defensive priority

Low severity, but worth addressing on affected MySQL Server deployments during normal patch cycles because it affects confidentiality and is remotely reachable.

Recommended defensive actions

  • Check whether any Oracle MySQL Server instances are at version 5.7.16 or earlier.
  • Apply Oracle’s January 2017 CPU or a later fixed release that removes the affected condition.
  • Review and minimize high-privilege remote access paths to MySQL Server.
  • Treat systems requiring user interaction in the affected workflow as higher operational risk and reduce exposure where possible.
  • If you rely on downstream Linux packages, confirm the vendor advisory or errata is applied on the packaged MySQL build.

Evidence notes

This debrief is based only on the supplied NVD record and linked vendor/advisory references. The CVE was published on 2017-01-27T22:59:04.600Z; the 2026-05-13 modified timestamp reflects later record updates, not the original issue date. The supplied record states the affected product, version boundary, exploitability constraints, and confidentiality impact.

Official resources

Publicly disclosed on 2017-01-27 via the CVE/NVD record; the NVD entry was later modified on 2026-05-13.