PatchSiren

CVE-2017-3244 Redhat CVE debrief

CVE-2017-3244 is a medium-severity MySQL Server availability issue that can let a low-privileged network attacker cause a hang or repeatable crash of the database service. The vulnerability was publicly published on 2017-01-27 and later updated in NVD on 2026-05-13; the modification date should not be treated as the original issue date.

Vendor: Redhat
Product: CVE-2017-3244
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and operators running Oracle MySQL versions 5.5.53 and earlier, 5.6.34 and earlier, or 5.7.16 and earlier should review this issue first. Teams managing MariaDB or vendor-packaged database builds referenced by the NVD CPEs should also validate whether their packaged versions are affected.

Technical summary

The NVD record describes an easily exploitable vulnerability in the MySQL Server component (Server: DML) that is reachable over the network via multiple protocols and requires low privileges. Successful exploitation is described as causing a hang or frequently repeatable crash, resulting in a complete denial of service. NVD assigns CVSS v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5).

Defensive priority

Medium priority: availability-impacting issue with network exposure and low-privilege requirements, but no confidentiality or integrity impact is described in the supplied record.

Recommended defensive actions

  • Confirm whether any deployed Oracle MySQL instances are at or below 5.5.53, 5.6.34, or 5.7.16.
  • Apply the vendor patch or upgrade to a fixed release referenced by Oracle's January 2017 CPU advisory.
  • Review packaged database distributions and downstream vendor advisories before assuming non-Oracle builds are unaffected.
  • Reduce unnecessary network exposure to database services and limit which hosts can connect to MySQL.
  • Monitor for service instability, repeated crashes, or unexpected hangs on affected database servers.
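
The first and third actions above can be scripted as a version triage. The following is an added example, not part of the source record or any vendor tooling: it classifies version strings (as returned by `SELECT VERSION()`) against the three affected ceilings stated in this debrief. The host names and inventory are constructed, and the status labels are this example's own.

```python
import re

# Highest affected release per branch, taken from this debrief:
# 5.5.53 and earlier, 5.6.34 and earlier, 5.7.16 and earlier.
LAST_AFFECTED = {(5, 5): 53, (5, 6): 34, (5, 7): 16}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Classify one server version string against the listed ranges.

    Returns one of: 'affected', 'above-listed-range', 'check-vendor',
    'not-listed', 'unparsed' (labels are assumptions of this example).
    """
    text = version_string.strip()
    # Non-Oracle builds need the downstream vendor's advisory, not this table.
    if "mariadb" in text.lower():
        return "check-vendor"
    match = _VERSION_RE.match(text)
    if not match:
        return "unparsed"
    major, minor, patch = (int(part) for part in match.groups())
    ceiling = LAST_AFFECTED.get((major, minor))
    if ceiling is None:
        # Branch not named in the debrief; make no claim either way.
        return "not-listed"
    return "affected" if patch <= ceiling else "above-listed-range"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db01.example.internal": "5.5.53",
    "db02.example.internal": "5.6.35-log",
    "db03.example.internal": "5.7.16-0ubuntu0.16.04.1",
    "db04.example.internal": "10.1.20-MariaDB",
    "db05.example.internal": "8.0.11",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status}")
```

A result of `above-listed-range` only means the version is above the ceiling this debrief lists for that branch; confirm the fix against Oracle's January 2017 CPU advisory or the distribution's errata.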

Evidence notes

This debrief is based only on the supplied NVD record and its listed references. The CVE was published on 2017-01-27T22:59:02.460Z and modified on 2026-05-13T00:24:29.033Z. The source corpus states affected Oracle MySQL versions and includes references to Oracle's January 2017 CPU advisory, Red Hat errata, Debian advisories, and other third-party references. No KEV entry is present in the supplied data.

Official resources

Publicly disclosed on 2017-01-27. The supplied record shows later metadata updates, including a 2026-05-13 modification timestamp, but no KEV designation.