Lucene search

K
nvd[email protected]NVD:CVE-2009-4484
HistoryDec 30, 2009 - 9:30 p.m.

CVE-2009-4484

2009-12-3021:30:00
CWE-787
web.nvd.nist.gov
8
buffer overflows
mysql
ssl connection
x.509 certificate
memory corruption
daemon crash
remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.972

Percentile

99.8%

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Affected configurations

Nvd
Node
oraclemysqlRange5.0.05.0.90
OR
oraclemysqlRange5.1.05.1.43
OR
oraclemysqlMatch5.0.0milestone1
OR
oraclemysqlMatch5.0.0milestone2
Node
wolfsslyasslRange<1.9.9
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
OR
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch10.10
OR
canonicalubuntu_linuxMatch11.04
OR
canonicalubuntu_linuxMatch11.10
Node
debiandebian_linuxMatch4.0
OR
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
Node
mariadbmariadbRange5.15.1.42
VendorProductVersionCPE
oraclemysql*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oraclemysql5.0.0cpe:2.3:a:oracle:mysql:5.0.0:milestone1:*:*:*:*:*:*
oraclemysql5.0.0cpe:2.3:a:oracle:mysql:5.0.0:milestone2:*:*:*:*:*:*
wolfsslyassl*cpe:2.3:a:wolfssl:yassl:*:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Rows per page:
1-10 of 171

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.972

Percentile

99.8%