Buffer overflow in mysql - CVE-2012-0882
Published: December 21, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43240
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-0882
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
mysql
mysql
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
How to mitigate CVE-2012-0882
Install update from vendor's website.
Sources
- http://www.openwall.com/lists/oss-security/2012/02/24/2
- https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=789141
- https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
- https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html