{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-10155","title":"Title"},{"category":"description","text":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-10155","url":"https://www.suse.com/security/cve/CVE-2017-10155"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1064096 for CVE-2017-10155","url":"https://bugzilla.suse.com/1064096"},{"category":"external","summary":"SUSE Bug 1064119 for CVE-2017-10155","url":"https://bugzilla.suse.com/1064119"},{"category":"external","summary":"Advisory link for openSUSE-SU-2017:2868-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z7DVWELHOI3HIW2TCX7MRYG6JIMYW4R2/#Z7DVWELHOI3HIW2TCX7MRYG6JIMYW4R2"}],"title":"SUSE CVE CVE-2017-10155","tracking":{"current_release_date":"2026-03-15T12:11:20Z","generator":{"date":"2023-02-15T04:44:02Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-10155","initial_release_date":"2023-02-15T04:44:02Z","revision_history":[{"date":"2023-02-15T04:44:02Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:23:10Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:04:31Z","number":"4","summary":"Current version"},{"date":"2025-01-01T08:47:26Z","number":"5","summary":"Current version"},{"date":"2025-02-18T07:42:36Z","number":"6","summary":"Current version"},{"date":"2025-03-14T04:48:55Z","number":"7","summary":"Current version"},{"date":"2025-03-16T03:00:29Z","number":"8","summary":"Current version"},{"date":"2025-04-25T07:59:32Z","number":"9","summary":"Current version"},{"date":"2026-03-15T12:11:20Z","number":"10","summary":"severity changed from important to moderate"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_version","name":"libmysql55client18","product":{"name":"libmysql55client18","product_id":"libmysql55client18","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysql55client18@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysql55client18-32bit","product":{"name":"libmysql55client18-32bit","product_id":"libmysql55client18-32bit","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysql55client18-32bit@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysql55client_r18","product":{"name":"libmysql55client_r18","product_id":"libmysql55client_r18","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysql55client_r18@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysql55client_r18-32bit","product":{"name":"libmysql55client_r18-32bit","product_id":"libmysql55client_r18-32bit","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysql55client_r18-32bit@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysqlclient15","product":{"name":"libmysqlclient15","product_id":"libmysqlclient15","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysqlclient15@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysqlclient15-32bit","product":{"name":"libmysqlclient15-32bit","product_id":"libmysqlclient15-32bit","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysqlclient15-32bit@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"libmysqlclient_r15","product":{"name":"libmysqlclient_r15","product_id":"libmysqlclient_r15","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libmysqlclient_r15@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"mysql","product":{"name":"mysql","product_id":"mysql","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/mysql@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"mysql-client","product":{"name":"mysql-client","product_id":"mysql-client","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/mysql-client@?upstream=mysql.src.rpm"}}},{"category":"product_version","name":"mysql-tools","product":{"name":"mysql-tools","product_id":"mysql-tools","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/mysql-tools@?upstream=mysql.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libmysql55client18 as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client18"},"product_reference":"libmysql55client18","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysql55client18-32bit as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client18-32bit"},"product_reference":"libmysql55client18-32bit","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysql55client_r18 as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client_r18"},"product_reference":"libmysql55client_r18","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysql55client_r18-32bit as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client_r18-32bit"},"product_reference":"libmysql55client_r18-32bit","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysqlclient15 as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient15"},"product_reference":"libmysqlclient15","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysqlclient15-32bit as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient15-32bit"},"product_reference":"libmysqlclient15-32bit","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"libmysqlclient_r15 as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient_r15"},"product_reference":"libmysqlclient_r15","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"mysql as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:mysql"},"product_reference":"mysql","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"mysql-client as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:mysql-client"},"product_reference":"mysql-client","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"mysql-tools as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:mysql-tools"},"product_reference":"mysql-tools","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"}]},"vulnerabilities":[{"cve":"CVE-2017-10155","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-10155"}],"notes":[{"category":"general","text":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client18","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client18-32bit","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client_r18","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysql55client_r18-32bit","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient15","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient15-32bit","SUSE Linux Enterprise Server 11 SP4-LTSS:libmysqlclient_r15","SUSE Linux Enterprise Server 11 SP4-LTSS:mysql","SUSE Linux Enterprise Server 11 SP4-LTSS:mysql-client","SUSE Linux Enterprise Server 11 SP4-LTSS:mysql-tools"]},"references":[{"category":"external","summary":"CVE-2017-10155","url":"https://www.suse.com/security/cve/CVE-2017-10155"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1064096 for CVE-2017-10155","url":"https://bugzilla.suse.com/1064096"},{"category":"external","summary":"SUSE Bug 1064119 for CVE-2017-10155","url":"https://bugzilla.suse.com/1064119"},{"category":"external","summary":"Advisory link for openSUSE-SU-2017:2868-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z7DVWELHOI3HIW2TCX7MRYG6JIMYW4R2/#Z7DVWELHOI3HIW2TCX7MRYG6JIMYW4R2"}],"threats":[{"category":"impact","date":"2017-10-18T12:38:16Z","details":"moderate"}],"title":"CVE-2017-10155"}]}