PatchSiren

CVE-2017-3321 Oracle CVE debrief

CVE-2017-3321 is a low-severity availability issue in Oracle MySQL Cluster. According to NVD, an unauthenticated attacker with network access can trigger a partial denial of service in affected MySQL Cluster releases. The issue is described as difficult to exploit and is tied to the Cluster: General subcomponent. Affected releases end at 7.2.19, 7.3.8, and 7.4.5, depending on the release line.

Vendor: Oracle
Product: CVE-2017-3321
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and SRE/DBA teams running Oracle MySQL Cluster, especially internet-exposed or broadly network-accessible deployments on version lines at or below 7.2.19, 7.3.8, or 7.4.5.

Technical summary

NVD classifies the flaw with CVSS 3.0 vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L and CWE-20. The practical impact described in the record is limited to availability: an attacker with network access, without authentication, may be able to cause a partial denial of service in MySQL Cluster. The vulnerability affects Oracle MySQL Cluster versions 7.2.19 and earlier, 7.3.8 and earlier, and 7.4.5 and earlier.

Defensive priority

Moderate for exposed MySQL Cluster environments; lower for isolated or fully managed deployments because the documented impact is limited to partial availability loss.

Recommended defensive actions

  • Confirm whether any MySQL Cluster deployments are on affected version lines (7.2.19 or earlier, 7.3.8 or earlier, 7.4.5 or earlier).
  • Prioritize upgrade or vendor-recommended remediation for affected clusters using Oracle’s January 2017 CPU advisory as the vendor reference.
  • Restrict network access to MySQL Cluster nodes to trusted administrative and application networks only.
  • Monitor cluster availability and error conditions for unusual service interruptions until affected systems are remediated.
  • Track the Oracle advisory and NVD record for any vendor guidance or revision history updates.
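
One way to carry out the first action above over a version inventory, as an added example that is not from NVD, Oracle, or this page's author. The host names and version strings are constructed sample data, and the string formats handled (a bare NDB version, or an "ndb-x.y.z" component inside a longer server version string) are assumptions about how versions were collected.

```python
import re

# Last affected release on each line, as listed in this debrief.
LAST_AFFECTED = {(7, 2): 19, (7, 3): 8, (7, 4): 5}

# "ndb-7.4.10" inside a longer string, or a bare "7.4.10".
_NDB_RE = re.compile(r"ndb-(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
_BARE_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")

def ndb_version(text):
    """Return the NDB version as an (int, int, int) tuple, or None."""
    m = _NDB_RE.search(text) or _BARE_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Classify one version string against the affected ranges."""
    v = ndb_version(text)
    if v is None:
        return "unparsed"          # needs manual inspection
    line, patch = v[:2], v[2]
    if line not in LAST_AFFECTED:
        return "line-not-listed"   # check the Oracle advisory by hand
    # Integer comparison: 7.4.10 is newer than 7.4.5, which a plain
    # string comparison would get wrong.
    return "affected" if patch <= LAST_AFFECTED[line] else "not-affected"

def audit(inventory):
    """Group host names by classification, sorted for stable output."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "ndb-mgm-01": "mysql-5.5.40 ndb-7.2.19",
    "ndb-data-01": "5.6.28-ndb-7.4.10-cluster-gpl",
    "ndb-data-02": "7.3.8",
    "ndb-data-03": "7.3.9",
    "sql-01": "5.7.17-ndb-7.5.5-cluster-gpl",
    "legacy-01": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(audit(INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unparsed" or "line-not-listed" are not cleared by this check; they fall outside the three release lines named here and need review against the Oracle advisory.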

Evidence notes

This debrief is based on the NVD record for CVE-2017-3321 and its linked Oracle CPU January 2017 advisory reference. The NVD entry lists affected Oracle MySQL Cluster versions as 7.2.19 and earlier, 7.3.8 and earlier, and 7.4.5 and earlier, and classifies the issue as CVSS 3.0 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L with CWE-20. The record states that an unauthenticated network attacker can cause partial denial of service. CVE published date used here is 2017-01-27T22:59:04.633Z; modified date is 2026-05-13T00:24:29.033Z.

Official resources

CVE published by NVD on 2017-01-27 and last modified on 2026-05-13. The NVD record points to Oracle’s January 2017 CPU advisory as the vendor reference.