PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3243 Redhat CVE debrief

CVE-2017-3243 is a denial-of-service issue in the MySQL Server component of Oracle MySQL, specifically the Server: Charsets subcomponent. According to the NVD record, affected Oracle MySQL versions include 5.5.53 and earlier, and the impact is a hang or frequently repeatable crash of the server. Oracle’s advisory is listed as the patch/vendor reference, and NVD also maps related downstream package and operating-system CPEs, so administrators should verify whether their vendor build includes a backport or separate fix.

Vendor: Redhat
Product: CVE-2017-3243
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Database administrators and platform teams running Oracle MySQL 5.5.53 or earlier should pay attention, especially if administrative or other high-privilege network access is exposed. Downstream Linux distribution maintainers and operators using vendor-packaged MySQL/MariaDB builds should also check their package errata, since NVD includes Debian, Red Hat, and MariaDB-related vulnerable CPEs.

Technical summary

The public record describes a MySQL Server vulnerability in the Charsets area with an availability-only outcome: unauthorized ability to cause a hang or a frequently repeatable crash of MySQL Server. The NVD CVSS v3.1 vector is AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating remote access is possible but requires high privileges and has no confidentiality or integrity impact. NVD does not assign a specific CWE beyond NVD-CWE-noinfo, so the exact coding flaw is not detailed in the supplied corpus.

Defensive priority

Medium. The issue is limited to denial of service and requires high privileges, but it can still take down a database service and may be relevant in environments where privileged remote administration is common or where legacy 5.5 deployments remain in use.

Recommended defensive actions

  • Confirm whether any Oracle MySQL deployments are at version 5.5.53 or earlier and schedule an upgrade or vendor backport immediately.
  • Apply the Oracle January 2017 CPU fix, or the equivalent downstream vendor advisory/errata for your distribution package.
  • Check vendor package metadata for affected MariaDB, Debian, and Red Hat builds to ensure the fix was backported into your OS packages.
  • Restrict network access to high-privilege MySQL administrative paths and review who can authenticate with elevated database permissions.
  • Monitor for server hangs or repeatable crashes in MySQL service health checks and ensure restart/HA recovery procedures are tested.
  • Treat this as a routine but timely patch item rather than an emergency exploit-mitigation event, given the high-privilege prerequisite and availability-only impact.

Evidence notes

The debrief is based on the supplied NVD record and its referenced Oracle CPU advisory. NVD states the vulnerable Oracle MySQL range as 5.5.0 through 5.5.53, describes the impact as a hang or frequently repeatable crash, and assigns CVSS v3.1 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. The record also lists downstream vulnerable CPEs for MariaDB, Debian 8, and multiple Red Hat Enterprise Linux variants, which supports checking vendor-specific backports. Published date in the supplied corpus is 2017-01-27; the later modified date of 2026-05-13 reflects record maintenance, not initial disclosure.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-01-27. The supplied corpus shows a later record modification on 2026-05-13, but no KEV listing or exploitation evidence. Advisory and patch references are present in the official NVD metadata.