CVE-2017-3322 Oracle CVE debrief

Who should care

Administrators and operators of Oracle MySQL Cluster deployments, especially any environment running affected 7.2, 7.3, or 7.4 releases. This matters most where the cluster is reachable over networks that an attacker could access.

Technical summary

The vulnerability is documented in the MySQL Cluster component, specifically NDBAPI. According to the NVD CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L), the issue is network reachable, requires no privileges or user interaction, and is limited to availability impact. The described outcome is an attacker being able to cause partial denial of service in MySQL Cluster.

Defensive priority

Low to routine priority: patch during normal maintenance windows, and prioritize sooner if the cluster is exposed to broader network access.

Recommended defensive actions

• Review Oracle MySQL Cluster instances for affected versions at or below 7.2.25, 7.3.14, and 7.4.12.
• Apply Oracle's January 2017 CPU guidance or later supported updates that remediate the issue.
• Restrict network exposure to MySQL Cluster where possible, since the vulnerability is reachable over the network.
• Monitor for service instability or partial availability issues in cluster environments until patched.
• Use the NVD and Oracle advisory references to confirm remediation status in your deployment.

Evidence notes

This debrief is based on the supplied NVD record and Oracle advisory references. The source corpus identifies the issue as an Oracle MySQL Cluster NDBAPI vulnerability, with unauthenticated network attack potential and partial denial of service impact. The supplied enrichment does not mark this CVE as a Known Exploited Vulnerability.

Official resources