PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3238 Redhat CVE debrief

CVE-2017-3238 is a network-reachable denial-of-service issue in the Oracle MySQL Server optimizer. Oracle and NVD describe it as exploitable by a low-privileged attacker over multiple protocols, with impact limited to availability: a hang or repeatable crash of MySQL Server. Oracle lists affected releases as MySQL 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier.

Vendor: Redhat
Product: CVE-2017-3238
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Oracle MySQL deployments, especially servers exposed to untrusted networks or accessible by low-privileged database users. Also relevant to operators of downstream packages and distributions that ship affected MySQL builds or vendor-mapped variants.

Technical summary

The vulnerability is in the MySQL Server component, specifically the optimizer subcomponent. The published CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, reflecting remote exploitability with low privileges and a primary availability impact. The NVD record maps affected Oracle MySQL versions to 5.5.0 through 5.5.53, 5.6.0 through 5.6.34, and 5.7.0 through 5.7.16, and also includes related downstream platform CPEs. The public record does not indicate confidentiality or integrity impact.

Defensive priority

Medium — prioritize for any MySQL instance that is network-exposed, shared across trust boundaries, or running an affected version line.

Recommended defensive actions

  • Verify the installed MySQL version and compare it with Oracle's affected ranges for 5.5, 5.6, and 5.7.
  • Apply the Oracle CPU January 2017 update or the corresponding vendor/distribution errata for your platform.
  • Restrict network access to MySQL so only required hosts and administrative paths can reach the service.
  • Review low-privilege database accounts and remove unnecessary access that could be used to trigger the issue.
  • Monitor for unexpected MySQL hangs or repeatable crashes and treat them as potential indicators of exposure.
  • If you rely on downstream packages, confirm the fix status with the distributor advisory rather than version strings alone.
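The first two actions above reduce to a version-range check against the ranges this debrief quotes. The following helper is an added example, not PatchSiren or Oracle code; it parses the output of SELECT VERSION() (a constructed sample list is included), flags builds inside the affected 5.5, 5.6 and 5.7 ranges, and separately flags distributor builds (any suffix after the numeric version), because a backported fix can leave the version string inside the range.

```python
import re

# Inclusive affected ranges per release line, as listed in this debrief
# (Oracle CPU January 2017): 5.5.0-5.5.53, 5.6.0-5.6.34, 5.7.0-5.7.16.
AFFECTED_RANGES = {
    (5, 5): ((5, 5, 0), (5, 5, 53)),
    (5, 6): ((5, 6, 0), (5, 6, 34)),
    (5, 7): ((5, 7, 0), (5, 7, 16)),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(version_string):
    """Split SELECT VERSION() output into (major, minor, patch) and a suffix.

    Suffixes such as '-log' or a distribution build tag are not part of the
    numeric comparison but are returned so the caller can see a vendor build.
    """
    text = version_string.strip()
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    triple = tuple(int(part) for part in match.groups())
    return triple, text[match.end():]


def assess_cve_2017_3238(version_string):
    """Compare one version string against the affected ranges.

    'upstream_affected' is True only when the numeric version falls inside a
    listed range. 'vendor_build' is True when a suffix is present; per the
    debrief, confirm such builds against the distributor advisory, since a
    backported fix does not change the numeric version.
    """
    triple, suffix = parse_mysql_version(version_string)
    line = triple[:2]
    bounds = AFFECTED_RANGES.get(line)
    return {
        "version": triple,
        "release_line_listed": bounds is not None,
        "upstream_affected": bounds is not None and bounds[0] <= triple <= bounds[1],
        "vendor_build": bool(suffix),
        "suffix": suffix,
    }


if __name__ == "__main__":
    # Constructed sample values, not real inventory data.
    for sample in ["5.7.16-log", "5.7.17", "5.6.34-0ubuntu0.14.04.1", "5.5.54"]:
        print(sample, assess_cve_2017_3238(sample))
```

A version that is not in a listed release line (for example an 8.0 build) is reported as not listed rather than as safe, so the check reports absence of evidence, not a clean bill.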

Evidence notes

This debrief is based on the CVE record published on 2017-01-27 and the NVD/Oracle reference set in the supplied corpus. Oracle's advisory and NVD both identify the issue as a MySQL Server optimizer vulnerability with availability-only impact. The CVE was later modified in NVD on 2026-05-13, but that modification date is not the issue date. No KEV listing or ransomware linkage is present in the supplied data.

Official resources

Publicly disclosed on 2017-01-27. The supplied data shows no Known Exploited Vulnerabilities listing and no known ransomware campaign use.