CVE-2012-0882 - Vulnerability Details

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mysql	Mysql
Oracle	Mysql

Configuration 1 [-]

OR	cpe:2.3:a:oracle:mysql:5.5.0:::::::*
	cpe:2.3:a:oracle:mysql:5.5.1:::::::*
	cpe:2.3:a:oracle:mysql:5.5.2:::::::*
	cpe:2.3:a:oracle:mysql:5.5.3:::::::*
	cpe:2.3:a:oracle:mysql:5.5.4:::::::*
	cpe:2.3:a:oracle:mysql:5.5.5:::::::*
	cpe:2.3:a:oracle:mysql:5.5.6:::::::*
	cpe:2.3:a:oracle:mysql:5.5.7:::::::*
	cpe:2.3:a:oracle:mysql:5.5.9:::::::*
	cpe:2.3:a:oracle:mysql:5.5.10:::::::*
	cpe:2.3:a:oracle:mysql:5.5.11:::::::*
	cpe:2.3:a:oracle:mysql:5.5.12:::::::*
	cpe:2.3:a:oracle:mysql:5.5.13:::::::*
	cpe:2.3:a:oracle:mysql:5.5.14:::::::*
	cpe:2.3:a:oracle:mysql:5.5.15:::::::*
	cpe:2.3:a:oracle:mysql:5.5.16:::::::*
	cpe:2.3:a:oracle:mysql:5.5.17:::::::*
	cpe:2.3:a:oracle:mysql:5.5.18:::::::*
	cpe:2.3:a:oracle:mysql:5.5.19:::::::*
	cpe:2.3:a:oracle:mysql:5.5.20:::::::*
	cpe:2.3:a:oracle:mysql:5.5.21:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:mysql:mysql:5.1.5:::::::*
	cpe:2.3:a:mysql:mysql:5.1.23:::::::*
	cpe:2.3:a:mysql:mysql:5.1.31:::::::*
	cpe:2.3:a:mysql:mysql:5.1.32:::::::*
	cpe:2.3:a:mysql:mysql:5.1.34:::::::*
	cpe:2.3:a:mysql:mysql:5.1.37:::::::*
	cpe:2.3:a:oracle:mysql:5.1:::::::*
	cpe:2.3:a:oracle:mysql:5.1.1:::::::*
	cpe:2.3:a:oracle:mysql:5.1.2:::::::*
	cpe:2.3:a:oracle:mysql:5.1.3:::::::*
	cpe:2.3:a:oracle:mysql:5.1.4:::::::*
	cpe:2.3:a:oracle:mysql:5.1.6:::::::*
	cpe:2.3:a:oracle:mysql:5.1.7:::::::*
	cpe:2.3:a:oracle:mysql:5.1.8:::::::*
	cpe:2.3:a:oracle:mysql:5.1.9:::::::*
	cpe:2.3:a:oracle:mysql:5.1.10:::::::*
	cpe:2.3:a:oracle:mysql:5.1.11:::::::*
	cpe:2.3:a:oracle:mysql:5.1.12:::::::*
	cpe:2.3:a:oracle:mysql:5.1.13:::::::*
	cpe:2.3:a:oracle:mysql:5.1.14:::::::*
	cpe:2.3:a:oracle:mysql:5.1.15:::::::*
	cpe:2.3:a:oracle:mysql:5.1.16:::::::*
	cpe:2.3:a:oracle:mysql:5.1.17:::::::*
	cpe:2.3:a:oracle:mysql:5.1.18:::::::*
	cpe:2.3:a:oracle:mysql:5.1.19:::::::*
	cpe:2.3:a:oracle:mysql:5.1.20:::::::*
	cpe:2.3:a:oracle:mysql:5.1.21:::::::*
	cpe:2.3:a:oracle:mysql:5.1.22:::::::*
	cpe:2.3:a:oracle:mysql:5.1.23:a::::::
	cpe:2.3:a:oracle:mysql:5.1.24:::::::*
	cpe:2.3:a:oracle:mysql:5.1.25:::::::*
	cpe:2.3:a:oracle:mysql:5.1.26:::::::*
	cpe:2.3:a:oracle:mysql:5.1.27:::::::*
	cpe:2.3:a:oracle:mysql:5.1.28:::::::*
	cpe:2.3:a:oracle:mysql:5.1.29:::::::*
	cpe:2.3:a:oracle:mysql:5.1.30:::::::*
	cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.33:::::::*
	cpe:2.3:a:oracle:mysql:5.1.34:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.35:::::::*
	cpe:2.3:a:oracle:mysql:5.1.36:::::::*
	cpe:2.3:a:oracle:mysql:5.1.37:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.38:::::::*
	cpe:2.3:a:oracle:mysql:5.1.39:::::::*
	cpe:2.3:a:oracle:mysql:5.1.40:::::::*
	cpe:2.3:a:oracle:mysql:5.1.40:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.41:::::::*
	cpe:2.3:a:oracle:mysql:5.1.42:::::::*
	cpe:2.3:a:oracle:mysql:5.1.43:::::::*
	cpe:2.3:a:oracle:mysql:5.1.43:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.44:::::::*
	cpe:2.3:a:oracle:mysql:5.1.45:::::::*
	cpe:2.3:a:oracle:mysql:5.1.46:::::::*
	cpe:2.3:a:oracle:mysql:5.1.46:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.47:::::::*
	cpe:2.3:a:oracle:mysql:5.1.48:::::::*
	cpe:2.3:a:oracle:mysql:5.1.49:::::::*
	cpe:2.3:a:oracle:mysql:5.1.49:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.50:::::::*
	cpe:2.3:a:oracle:mysql:5.1.51:::::::*
	cpe:2.3:a:oracle:mysql:5.1.52:::::::*
	cpe:2.3:a:oracle:mysql:5.1.52:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1.53:::::::*
	cpe:2.3:a:oracle:mysql:5.1.54:::::::*
cpe:2.3:a:oracle:mysql:5.1.55:::::::*
cpe:2.3:a:oracle:mysql:5.1.56:::::::*
cpe:2.3:a:oracle:mysql:5.1.57:::::::*
cpe:2.3:a:oracle:mysql:5.1.58:::::::*
cpe:2.3:a:oracle:mysql:5.1.59:::::::*
cpe:2.3:a:oracle:mysql:5.1.60:::::::*
cpe:2.3:a:oracle:mysql:5.1.61:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2012/02/24/2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=789141
https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
https://nvd.nist.gov/vuln/detail/CVE-2012-0882
https://www.cve.org/CVERecord?id=CVE-2012-0882

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-21T02:00:00Z

Updated: 2024-08-06T18:38:14.959Z

Reserved: 2012-01-19T00:00:00Z

Link: CVE-2012-0882

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-21T05:46:15.120

Modified: 2024-11-21T01:35:54.290

Link: CVE-2012-0882

Redhat

Severity : Important

Publid Date: 2012-02-09T00:00:00Z

Links: CVE-2012-0882 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object