Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
Created community-mysql tracking bugs for this issue: Affects: fedora-all [bug 1443407]
It seems this CVE may be related to this commit: https://github.com/mysql/mysql-server/commit/f4165eae6384141905dd39d22c7611ea85de08f4 It addresses an integer underflow issue, that may lead to buffer overflow (probably limited to over-read). As it's in the code that parses authentication message sent during the connection handshake, it would be a pre-authentication remote DoS.
Blog post from the original issue reporter confirms information in comment 2: https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/
External References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/
This issue is partially mitigated by the automatic restart of mysqld after the crash. It's traditionally achieved by the use of mysqld_safe wrapper script, but is more recently handled by systemd (e.g. as is the case for rh-mysql57 collection for Red Hat Software Collections for Red Hat Enterprise Linux 7).
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2017:2886