CVE-2017-10378 in MySQL Server
Summary
by MITRE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Analysis
by VulDB Data Team • 01/18/2021
The vulnerability identified as CVE-2017-10378 resides within the MySQL Server optimizer component, specifically affecting Oracle MySQL installations across multiple version branches. This issue impacts MySQL Server versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier, representing a significant attack surface across the MySQL ecosystem. The vulnerability's classification as easily exploitable indicates that attackers with minimal privileges and network access can leverage this flaw, making it particularly dangerous in environments where MySQL servers are accessible over networks. The CVSS 3.0 scoring system assigns this vulnerability a base score of 6.5, with the availability impact component rated at high severity, reflecting the potential for complete denial of service conditions.
The technical flaw manifests within the server optimizer's handling of specific query processing scenarios, where improper memory management or control flow issues can occur during query execution. This vulnerability enables attackers to craft malicious queries or exploit existing query patterns that trigger the optimizer to enter an invalid state, ultimately leading to server instability. The attack vector requires only network access via multiple protocols, meaning that the vulnerability can be exploited through various connection methods including TCP/IP, Unix sockets, or named pipes depending on the server configuration. The low privilege requirement indicates that even users with minimal database permissions can potentially execute this attack, making it particularly concerning for multi-tenant environments or applications where user access is tightly controlled.
The operational impact of this vulnerability extends beyond simple service disruption, as successful exploitation can result in complete system downtime through repeated crashes or hanging conditions that require manual intervention to resolve. This type of vulnerability directly impacts business continuity and can cause cascading failures in applications that depend on MySQL for data persistence. Organizations may experience significant downtime during attack windows, with recovery often requiring server restarts, database connection resets, and potential data recovery procedures. Because the vulnerability can cause frequently repeatable crashes, even a single successful attack can render the database service unavailable for extended periods, potentially affecting critical business operations and user access to applications that depend on the database.
Mitigation strategies for CVE-2017-10378 should prioritize immediate patching of affected MySQL versions to the latest available releases, as Oracle has provided security updates addressing this specific vulnerability. Network segmentation and firewall rules should be implemented to limit access to MySQL servers, reducing the attack surface for potential exploitation. Access controls should be strictly enforced through proper user privilege management, ensuring that database users have only the minimum necessary permissions to perform their functions. Additionally, implementing connection pooling, query monitoring, and intrusion detection systems can help identify anomalous query patterns that may indicate exploitation attempts. Organizations should also consider implementing database activity monitoring solutions that can detect and alert on potentially malicious query execution patterns, providing early warning capabilities for such optimizer-based vulnerabilities. The vulnerability aligns with CWE-121, which addresses buffer overflow conditions, and represents a classic example of how optimizer flaws can create availability impacts in database systems, potentially mapping to ATT&CK technique T1499.004 for network denial of service attacks.
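To support the patching priority described above, the following added example (not code from VulDB, MITRE or Oracle) sorts a server inventory by the affected version ceilings given in the summary. The host names and version strings are constructed, and treating any string containing "MariaDB" as outside the summary's scope is an assumption of this example.

```python
import re

# Highest affected patch level per release branch, as stated in the CVE summary.
AFFECTED_MAX_PATCH = {(5, 5): 57, (5, 6): 37, (5, 7): 11}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Classify a server version string, e.g. the output of SELECT VERSION()."""
    text = version_string.strip()
    # The summary covers Oracle MySQL only; MariaDB names itself in the string
    # and may lead with a 5.5.5- compatibility prefix that would mislead us.
    if "mariadb" in text.lower():
        return "not-covered"
    match = _VERSION_RE.match(text)
    if not match:
        return "unparseable"
    major, minor, patch = (int(part) for part in match.groups())
    ceiling = AFFECTED_MAX_PATCH.get((major, minor))
    if ceiling is None:
        return "unlisted-branch"  # the summary says nothing about this branch
    return "affected" if patch <= ceiling else "not-affected"


def triage(inventory):
    """Group host names by classification so patching can be prioritised."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups


# Constructed inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "db-legacy-01": "5.5.57",
    "db-app-02": "5.6.37-log",
    "db-app-03": "5.6.38",
    "db-web-04": "5.7.11",
    "db-web-05": "5.7.19-0ubuntu0.16.04.1",
    "db-new-06": "8.0.3-rc-log",
    "db-fork-07": "5.5.5-10.1.26-MariaDB",
    "db-odd-08": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted-branch", "not-covered" or "unparseable" are not cleared by this check; they need to be looked up against the vendor's own advisory.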