PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3302 Redhat CVE debrief

CVE-2017-3302 is a high-severity availability issue in libmysqlclient.so. NVD rates it 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and classifies the weakness as CWE-416. The vulnerable scope includes Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5, plus MariaDB through 5.5.54, 10.0.29, 10.1.21, and 10.2.3. NVD also links downstream Debian and Red Hat advisories, indicating packaged consumers may need distro-specific remediation as well.

Vendor: Redhat
Product: CVE-2017-3302
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-12
Original CVE updated: 2026-05-13
Advisory published: 2017-02-12
Advisory updated: 2026-05-13

Who should care

Administrators and developers running Oracle MySQL or MariaDB client libraries, plus operators of applications that link against libmysqlclient.so. Debian and Red Hat system owners should also check the linked vendor advisories for packaged downstream fixes.

Technical summary

The NVD record describes a crash in libmysqlclient.so. The published CVSS vector shows a network-reachable, low-complexity issue with no privileges or user interaction required, and the impact is limited to availability. NVD maps the weakness to CWE-416 and lists affected upstream versions for Oracle MySQL and MariaDB, along with several downstream Debian 8.0 and Red Hat Enterprise Linux 7 product CPEs.

Defensive priority

High

Recommended defensive actions

  • Inventory hosts and applications that use Oracle MySQL or MariaDB client libraries, including packaged libmysqlclient.so deployments.
  • Upgrade beyond the vulnerable version ranges listed by NVD for Oracle MySQL and MariaDB.
  • For Debian and Red Hat systems, apply the vendor advisories referenced by NVD and verify the patched packages are installed.
  • Restart affected services after patching so they load the updated client library.
  • Monitor for unexpected crashes in applications that depend on libmysqlclient.so, especially in production services.
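To support the inventory and upgrade steps above, here is an added example (not PatchSiren's code, not from the NVD record) that turns the version ranges NVD lists for CVE-2017-3302 into a check over `mysql --version` style output; the hostnames and outputs in the sample inventory are constructed.

```python
# Added example: decide whether a reported Oracle MySQL / MariaDB client
# version sits inside the CVE-2017-3302 ranges listed by NVD, so that an
# inventory of hosts can be triaged before the upgrade is rolled out.
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Bounds taken from the NVD record: MySQL "before 5.6.21" and "5.7.x before
# 5.7.5" are exclusive; MariaDB "through X" is inclusive.
MYSQL_FIRST_FIXED: Version = (5, 6, 21)
MYSQL_57_FIRST_FIXED: Version = (5, 7, 5)
MARIADB_LAST_AFFECTED: Dict[Tuple[int, int], Version] = {
    (10, 0): (10, 0, 29), (10, 1): (10, 1, 21), (10, 2): (10, 2, 3),
}
MARIADB_55_LAST_AFFECTED: Version = (5, 5, 54)  # "through 5.5.54"
_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Version:
    """Extract major.minor.patch from '5.7.4', '10.1.21-MariaDB' or the
    'mysql  Ver 14.14 Distrib 5.7.4, for Linux' form of mysql --version."""
    tail = text.split("Distrib", 1)[-1]  # skip the client tool's own 'Ver' number
    m = _VER_RE.search(tail)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)

def is_affected(text: str, product: Optional[str] = None) -> bool:
    """True if the version is inside an NVD-listed vulnerable range.
    product is 'mysql' or 'mariadb'; if omitted it is inferred from the text."""
    v = parse_version(text)
    kind = (product or ("mariadb" if "mariadb" in text.lower() else "mysql")).lower()
    if kind == "mysql":
        return v < MYSQL_FIRST_FIXED or (5, 7, 0) <= v < MYSQL_57_FIRST_FIXED
    if kind == "mariadb":
        if v <= MARIADB_55_LAST_AFFECTED:
            return True
        last = MARIADB_LAST_AFFECTED.get(v[:2])  # series NVD does not list: not flagged
        return last is not None and v <= last
    raise ValueError(f"unknown product {product!r}")

def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose reported client version still needs the upgrade."""
    return sorted(host for host, out in inventory.items() if is_affected(out))

# Constructed sample inventory: hostnames and outputs are made up for this example.
SAMPLE_INVENTORY = {
    "app-01": "mysql  Ver 14.14 Distrib 5.7.4, for Linux (x86_64) using  EditLine wrapper",
    "app-02": "mysql  Ver 14.14 Distrib 5.6.21, for Linux (x86_64) using  EditLine wrapper",
    "db-proxy": "mysql  Ver 15.1 Distrib 10.1.21-MariaDB, for Linux (x86_64) using readline 5.1",
    "report": "mysql  Ver 15.1 Distrib 10.2.4-MariaDB, for Linux (x86_64) using readline 5.1",
}
```

Run `triage(SAMPLE_INVENTORY)` to list the hosts still inside a vulnerable range; feed it the real `mysql --version` (or `mysql_config --version`) output collected from each host.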

Evidence notes

All substantive details come from the supplied NVD CVE record and its referenced advisories. The affected version ranges, CVSS vector, and CWE-416 classification are taken from NVD. Timing context uses the CVE published date of 2017-02-12 and the referenced Oracle, Debian, and Red Hat advisories cited in the record. No exploit code or unsupported exploitation claims are included.

Official resources

Publicly disclosed in the CVE record on 2017-02-12. The NVD entry also references Oracle, Debian, and Red Hat advisories for remediation context.