Bug 1422119 (CVE-2017-3302) - CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect
Summary: CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-3302
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1422122 1445524 1445525 1458933 1463415 1463416 1463417 1463418
Blocks: 1422124 1443389
TreeView+ depends on / blocked
 
Reported: 2017-02-14 14:05 UTC by Martin Prpič
Modified: 2021-06-10 11:56 UTC (History)
27 users (show)

Fixed In Version: mysql 5.5.55, mysql 5.6.21, mysql 5.7.5, mariadb 10.0.30, mariadb 10.1.22, mariadb 10.2.5, mariadb 5.5.55
Clone Of:
Environment:
Last Closed: 2018-03-21 15:02:59 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2192 0 normal SHIPPED_LIVE Moderate: mariadb security and bug fix update 2017-08-01 18:18:36 UTC
Red Hat Product Errata RHSA-2017:2787 0 normal SHIPPED_LIVE Important: rh-mysql56-mysql security and bug fix update 2017-09-21 11:42:12 UTC
Red Hat Product Errata RHSA-2018:0279 0 normal SHIPPED_LIVE Moderate: rh-mariadb100-mariadb security update 2018-02-06 18:00:11 UTC
Red Hat Product Errata RHSA-2018:0574 0 None None None 2018-03-21 14:03:19 UTC

Description Martin Prpič 2017-02-14 14:05:11 UTC 
A use-after-free flaw was found in the MySQL client library (libmysqlclient.so). A malicious MySQL server could cause an application using the MySQL client library to crash.

Upstream bugs:

https://bugs.mysql.com/bug.php?id=70429
https://bugs.mysql.com/bug.php?id=63363

Upstream patch:

https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
Comment 1 Martin Prpič 2017-02-14 14:07:13 UTC 
Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 1422122]
Comment 2 Martin Prpič 2017-02-14 14:10:26 UTC 
This was first posted on oss-sec:

http://www.openwall.com/lists/oss-security/2017/01/28/1
Comment 3 Tomas Hoger 2017-04-24 12:35:07 UTC 
The issue was fixed in MySQL 5.5.55 and is listed in the April 2017 CPU:

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
Comment 8 Tomas Hoger 2017-06-13 20:30:17 UTC 
MariaDB upstream bug and commit:

https://jira.mariadb.org/browse/MDEV-11933
https://github.com/MariaDB/server/commit/eef21014898d61e77890359d6546d4985d829ef6
Comment 10 errata-xmlrpc 2017-08-01 19:44:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2192
Comment 11 errata-xmlrpc 2017-09-21 07:47:34 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS

Via RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787
Comment 12 errata-xmlrpc 2018-02-06 11:00:53 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0279
Comment 13 errata-xmlrpc 2018-03-21 14:03:06 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:0574
Note You need to log in before you can comment on or make changes to this bug.