Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-j7uc-c14d-nqac

Summary

Multiple vulnerabilities were found in MySQL, the worst of which
    may allow remote execution of arbitrary code.

Aliases

alias	CVE-2017-3599

Fixed_packages

url	pkg:ebuild/dev-db/mysql@5.6.39
purl	pkg:ebuild/dev-db/mysql@5.6.39
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/mysql@5.6.39

Affected_packages

url pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5?arch=el7

purl pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gmc-pj6y-rkfx

vulnerability	VCID-2gyq-q761-h3br

vulnerability	VCID-2rf6-qaey-1ubn

vulnerability	VCID-2za2-cnwx-hbbw

vulnerability	VCID-4cnj-7fur-3qe3

vulnerability	VCID-4yz4-vxnh-b3dp

vulnerability	VCID-52w9-bgxr-nkba

vulnerability	VCID-5sjj-599v-vybg

vulnerability	VCID-6g4n-3xfu-hfee

vulnerability	VCID-6nfa-zy2p-zkdj

vulnerability	VCID-8p2f-ab4e-yyd1

vulnerability	VCID-9f48-53dz-13an

vulnerability	VCID-9w98-nfg2-muh2

vulnerability	VCID-9y4c-n9n1-r3ff

vulnerability	VCID-bhxk-8byp-eyap

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-j7uc-c14d-nqac

vulnerability	VCID-jgff-4jyp-9fgr

vulnerability	VCID-mde2-1ynu-auh2

vulnerability	VCID-mz71-vku8-ckbm

vulnerability	VCID-n2gx-t138-9bgc

vulnerability	VCID-nj41-1zpw-gkh9

vulnerability	VCID-nxh7-fuvk-pqc8

vulnerability	VCID-p623-gxyv-g7fs

vulnerability	VCID-pv92-6p9x-v7bs

vulnerability	VCID-r2cz-9kjz-zbgu

vulnerability	VCID-rssq-mfc2-ckaf

vulnerability	VCID-tf68-atyj-b7cj

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-u2c7-p86x-5bgf

vulnerability	VCID-un5y-y9sq-1ufb

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-v4gv-g9n5-ukgc

vulnerability	VCID-vfhu-cx61-77f1

vulnerability	VCID-wrna-cc9g-sqbe

vulnerability	VCID-x241-zyjq-ebah

vulnerability	VCID-xyuf-au4f-57fr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5%3Farch=el7

url pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5?arch=el6

purl pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gmc-pj6y-rkfx

vulnerability	VCID-2gyq-q761-h3br

vulnerability	VCID-2rf6-qaey-1ubn

vulnerability	VCID-2za2-cnwx-hbbw

vulnerability	VCID-4cnj-7fur-3qe3

vulnerability	VCID-4yz4-vxnh-b3dp

vulnerability	VCID-52w9-bgxr-nkba

vulnerability	VCID-5sjj-599v-vybg

vulnerability	VCID-6g4n-3xfu-hfee

vulnerability	VCID-6nfa-zy2p-zkdj

vulnerability	VCID-8p2f-ab4e-yyd1

vulnerability	VCID-9f48-53dz-13an

vulnerability	VCID-9w98-nfg2-muh2

vulnerability	VCID-9y4c-n9n1-r3ff

vulnerability	VCID-bhxk-8byp-eyap

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-j7uc-c14d-nqac

vulnerability	VCID-jgff-4jyp-9fgr

vulnerability	VCID-mde2-1ynu-auh2

vulnerability	VCID-mz71-vku8-ckbm

vulnerability	VCID-n2gx-t138-9bgc

vulnerability	VCID-nj41-1zpw-gkh9

vulnerability	VCID-nxh7-fuvk-pqc8

vulnerability	VCID-p623-gxyv-g7fs

vulnerability	VCID-pv92-6p9x-v7bs

vulnerability	VCID-r2cz-9kjz-zbgu

vulnerability	VCID-rssq-mfc2-ckaf

vulnerability	VCID-tf68-atyj-b7cj

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-u2c7-p86x-5bgf

vulnerability	VCID-un5y-y9sq-1ufb

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-v4gv-g9n5-ukgc

vulnerability	VCID-vfhu-cx61-77f1

vulnerability	VCID-wrna-cc9g-sqbe

vulnerability	VCID-x241-zyjq-ebah

vulnerability	VCID-xyuf-au4f-57fr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql56-mysql@5.6.37-5%3Farch=el6

url pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6?arch=el7

purl pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1wku-281z-pkg2

vulnerability	VCID-2gyq-q761-h3br

vulnerability	VCID-2rf6-qaey-1ubn

vulnerability	VCID-2za2-cnwx-hbbw

vulnerability	VCID-3mvb-yszd-sqcr

vulnerability	VCID-4yz4-vxnh-b3dp

vulnerability	VCID-5sjj-599v-vybg

vulnerability	VCID-67sx-dk4r-yfb6

vulnerability	VCID-6g4n-3xfu-hfee

vulnerability	VCID-6nfa-zy2p-zkdj

vulnerability	VCID-8p2f-ab4e-yyd1

vulnerability	VCID-9f48-53dz-13an

vulnerability	VCID-9w98-nfg2-muh2

vulnerability	VCID-9y4c-n9n1-r3ff

vulnerability	VCID-aj47-bgya-33e8

vulnerability	VCID-apdj-21j8-33gc

vulnerability	VCID-bhxk-8byp-eyap

vulnerability	VCID-cpmw-6wnf-5fhu

vulnerability	VCID-exub-t1nc-n3a6

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-fb3q-pxc2-qqdz

vulnerability	VCID-j7uc-c14d-nqac

vulnerability	VCID-jdcu-4mpq-1far

vulnerability	VCID-jgff-4jyp-9fgr

vulnerability	VCID-jh1g-h62w-3yhd

vulnerability	VCID-mde2-1ynu-auh2

vulnerability	VCID-mna9-kjfu-xkcn

vulnerability	VCID-mz71-vku8-ckbm

vulnerability	VCID-n2gx-t138-9bgc

vulnerability	VCID-nfxj-pb12-xfbc

vulnerability	VCID-nj41-1zpw-gkh9

vulnerability	VCID-nsam-w1d3-pbdb

vulnerability	VCID-nxh7-fuvk-pqc8

vulnerability	VCID-p623-gxyv-g7fs

vulnerability	VCID-pv92-6p9x-v7bs

vulnerability	VCID-py18-tg4u-h3d2

vulnerability	VCID-pyk1-dgtz-h7fw

vulnerability	VCID-qrk5-6ryp-wkce

vulnerability	VCID-r1ah-dt43-3kc4

vulnerability	VCID-rg55-f36d-3ybb

vulnerability	VCID-rssq-mfc2-ckaf

vulnerability	VCID-tf68-atyj-b7cj

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-u2c7-p86x-5bgf

vulnerability	VCID-uc9j-1fjq-e7et

vulnerability	VCID-un5y-y9sq-1ufb

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-v4gv-g9n5-ukgc

vulnerability	VCID-vfhu-cx61-77f1

vulnerability	VCID-w1u1-r49p-yycs

vulnerability	VCID-w8a7-1nnk-kub5

vulnerability	VCID-wjfw-kksb-a7aw

vulnerability	VCID-wnkm-c1tm-53bb

vulnerability	VCID-wrna-cc9g-sqbe

vulnerability	VCID-x4j5-9wz1-k3ba

vulnerability	VCID-xm6s-rath-87av

vulnerability	VCID-xyuf-au4f-57fr

vulnerability	VCID-zx7y-1ubr-byhu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6%3Farch=el7

url pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6?arch=el6

purl pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1wku-281z-pkg2

vulnerability	VCID-2gyq-q761-h3br

vulnerability	VCID-2rf6-qaey-1ubn

vulnerability	VCID-2za2-cnwx-hbbw

vulnerability	VCID-3mvb-yszd-sqcr

vulnerability	VCID-4yz4-vxnh-b3dp

vulnerability	VCID-5sjj-599v-vybg

vulnerability	VCID-67sx-dk4r-yfb6

vulnerability	VCID-6g4n-3xfu-hfee

vulnerability	VCID-6nfa-zy2p-zkdj

vulnerability	VCID-8p2f-ab4e-yyd1

vulnerability	VCID-9f48-53dz-13an

vulnerability	VCID-9w98-nfg2-muh2

vulnerability	VCID-9y4c-n9n1-r3ff

vulnerability	VCID-aj47-bgya-33e8

vulnerability	VCID-apdj-21j8-33gc

vulnerability	VCID-bhxk-8byp-eyap

vulnerability	VCID-cpmw-6wnf-5fhu

vulnerability	VCID-exub-t1nc-n3a6

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-fb3q-pxc2-qqdz

vulnerability	VCID-j7uc-c14d-nqac

vulnerability	VCID-jdcu-4mpq-1far

vulnerability	VCID-jgff-4jyp-9fgr

vulnerability	VCID-jh1g-h62w-3yhd

vulnerability	VCID-mde2-1ynu-auh2

vulnerability	VCID-mna9-kjfu-xkcn

vulnerability	VCID-mz71-vku8-ckbm

vulnerability	VCID-n2gx-t138-9bgc

vulnerability	VCID-nfxj-pb12-xfbc

vulnerability	VCID-nj41-1zpw-gkh9

vulnerability	VCID-nsam-w1d3-pbdb

vulnerability	VCID-nxh7-fuvk-pqc8

vulnerability	VCID-p623-gxyv-g7fs

vulnerability	VCID-pv92-6p9x-v7bs

vulnerability	VCID-py18-tg4u-h3d2

vulnerability	VCID-pyk1-dgtz-h7fw

vulnerability	VCID-qrk5-6ryp-wkce

vulnerability	VCID-r1ah-dt43-3kc4

vulnerability	VCID-rg55-f36d-3ybb

vulnerability	VCID-rssq-mfc2-ckaf

vulnerability	VCID-tf68-atyj-b7cj

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-u2c7-p86x-5bgf

vulnerability	VCID-uc9j-1fjq-e7et

vulnerability	VCID-un5y-y9sq-1ufb

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-v4gv-g9n5-ukgc

vulnerability	VCID-vfhu-cx61-77f1

vulnerability	VCID-w1u1-r49p-yycs

vulnerability	VCID-w8a7-1nnk-kub5

vulnerability	VCID-wjfw-kksb-a7aw

vulnerability	VCID-wnkm-c1tm-53bb

vulnerability	VCID-wrna-cc9g-sqbe

vulnerability	VCID-x4j5-9wz1-k3ba

vulnerability	VCID-xm6s-rath-87av

vulnerability	VCID-xyuf-au4f-57fr

vulnerability	VCID-zx7y-1ubr-byhu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql57-mysql@5.7.19-6%3Farch=el6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3599.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-3599

reference_id

reference_type

scores

value	0.87337
scoring_system	epss
scoring_elements	0.99457
published_at	2026-04-18T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99448
published_at	2026-04-04T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99447
published_at	2026-04-02T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.9945
published_at	2026-04-07T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99451
published_at	2026-04-08T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99452
published_at	2026-04-09T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99453
published_at	2026-04-11T12:55:00Z

value	0.87337
scoring_system	epss
scoring_elements	0.99454
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-3599

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.exploit-db.com/exploits/41954/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

https://www.exploit-db.com/exploits/41954/

reference_url

https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

reference_url

http://www.securityfocus.com/bid/97754

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

http://www.securityfocus.com/bid/97754

reference_url

http://www.securitytracker.com/id/1038287

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

http://www.securitytracker.com/id/1038287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1443386
reference_id	1443386
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1443386

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql::::::::
reference_id	cpe:2.3:a:oracle:mysql::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql::::::::

reference_url	https://github.com/SECFORCE/CVE-2017-3599/blob/575707b35ab6b18fe87577392fc45b036f46e217/cve-2017-3599_poc.py
reference_id	CVE-2017-3599
reference_type	exploit
scores
url	https://github.com/SECFORCE/CVE-2017-3599/blob/575707b35ab6b18fe87577392fc45b036f46e217/cve-2017-3599_poc.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41954.py
reference_id	CVE-2017-3599
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41954.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-3599

reference_id

CVE-2017-3599

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-3599

reference_url	https://security.gentoo.org/glsa/201802-04
reference_id	GLSA-201802-04
reference_type
scores
url	https://security.gentoo.org/glsa/201802-04

reference_url

https://access.redhat.com/errata/RHSA-2017:2787

reference_id

RHSA-2017:2787

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

https://access.redhat.com/errata/RHSA-2017:2787

reference_url

https://access.redhat.com/errata/RHSA-2017:2886

reference_id

RHSA-2017:2886

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:19:42Z/

url

https://access.redhat.com/errata/RHSA-2017:2886

reference_url	https://usn.ubuntu.com/3269-1/
reference_id	USN-3269-1
reference_type
scores
url	https://usn.ubuntu.com/3269-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Exploits

date_added	2017-05-01
description	MySQL < 5.6.35 / < 5.7.17 - Integer Overflow
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2017-05-01
exploit_type	dos
platform	multiple
source_date_updated	2017-09-18
data_source	Exploit-DB
source_url	https://github.com/SECFORCE/CVE-2017-3599/blob/575707b35ab6b18fe87577392fc45b036f46e217/cve-2017-3599_poc.py

Severity_range_score 2.6 - 7.8

Exploitability 2.0

Weighted_severity 7.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uc-c14d-nqac

Vulnerability Instance