Lucene search
HistoryDec 21, 2012 - 5:46 a.m.
CVE-2012-0882
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.039
Percentile
92.1%
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Affected configurations
Node
oraclemysqlMatch5.5.0
ORoraclemysqlMatch5.5.1
ORoraclemysqlMatch5.5.2
ORoraclemysqlMatch5.5.3
ORoraclemysqlMatch5.5.4
ORoraclemysqlMatch5.5.5
ORoraclemysqlMatch5.5.6
ORoraclemysqlMatch5.5.7
ORoraclemysqlMatch5.5.9
ORoraclemysqlMatch5.5.10
ORoraclemysqlMatch5.5.11
ORoraclemysqlMatch5.5.12
ORoraclemysqlMatch5.5.13
ORoraclemysqlMatch5.5.14
ORoraclemysqlMatch5.5.15
ORoraclemysqlMatch5.5.16
ORoraclemysqlMatch5.5.17
ORoraclemysqlMatch5.5.18
ORoraclemysqlMatch5.5.19
ORoraclemysqlMatch5.5.20
ORoraclemysqlMatch5.5.21
Node
mysqlmysqlMatch5.1.5
ORmysqlmysqlMatch5.1.23
ORmysqlmysqlMatch5.1.31
ORmysqlmysqlMatch5.1.32
ORmysqlmysqlMatch5.1.34
ORmysqlmysqlMatch5.1.37
ORoraclemysqlMatch5.1
ORoraclemysqlMatch5.1.1
ORoraclemysqlMatch5.1.2
ORoraclemysqlMatch5.1.3
ORoraclemysqlMatch5.1.4
ORoraclemysqlMatch5.1.6
ORoraclemysqlMatch5.1.7
ORoraclemysqlMatch5.1.8
ORoraclemysqlMatch5.1.9
ORoraclemysqlMatch5.1.10
ORoraclemysqlMatch5.1.11
ORoraclemysqlMatch5.1.12
ORoraclemysqlMatch5.1.13
ORoraclemysqlMatch5.1.14
ORoraclemysqlMatch5.1.15
ORoraclemysqlMatch5.1.16
ORoraclemysqlMatch5.1.17
ORoraclemysqlMatch5.1.18
ORoraclemysqlMatch5.1.19
ORoraclemysqlMatch5.1.20
ORoraclemysqlMatch5.1.21
ORoraclemysqlMatch5.1.22
ORoraclemysqlMatch5.1.23a
ORoraclemysqlMatch5.1.24
ORoraclemysqlMatch5.1.25
ORoraclemysqlMatch5.1.26
ORoraclemysqlMatch5.1.27
ORoraclemysqlMatch5.1.28
ORoraclemysqlMatch5.1.29
ORoraclemysqlMatch5.1.30
ORoraclemysqlMatch5.1.31sp1
ORoraclemysqlMatch5.1.33
ORoraclemysqlMatch5.1.34sp1
ORoraclemysqlMatch5.1.35
ORoraclemysqlMatch5.1.36
ORoraclemysqlMatch5.1.37sp1
ORoraclemysqlMatch5.1.38
ORoraclemysqlMatch5.1.39
ORoraclemysqlMatch5.1.40
ORoraclemysqlMatch5.1.40sp1
ORoraclemysqlMatch5.1.41
ORoraclemysqlMatch5.1.42
ORoraclemysqlMatch5.1.43
ORoraclemysqlMatch5.1.43sp1
ORoraclemysqlMatch5.1.44
ORoraclemysqlMatch5.1.45
ORoraclemysqlMatch5.1.46
ORoraclemysqlMatch5.1.46sp1
ORoraclemysqlMatch5.1.47
ORoraclemysqlMatch5.1.48
ORoraclemysqlMatch5.1.49
ORoraclemysqlMatch5.1.49sp1
ORoraclemysqlMatch5.1.50
ORoraclemysqlMatch5.1.51
ORoraclemysqlMatch5.1.52
ORoraclemysqlMatch5.1.52sp1
ORoraclemysqlMatch5.1.53
ORoraclemysqlMatch5.1.54
ORoraclemysqlMatch5.1.55
ORoraclemysqlMatch5.1.56
ORoraclemysqlMatch5.1.57
ORoraclemysqlMatch5.1.58
ORoraclemysqlMatch5.1.59
ORoraclemysqlMatch5.1.60
ORoraclemysqlMatch5.1.61
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | mysql | 5.5.0 | cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.1 | cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.2 | cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.3 | cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.4 | cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.5 | cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.6 | cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.7 | cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.9 | cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:* |
| oracle | mysql | 5.5.10 | cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
ubuntucve
ubuntucve
prion
prion
Buffer overflow
2012-12-21 05:46:00
Design/Logic Flaw
2012-01-18 22:55:00
Design/Logic Flaw
2012-01-18 22:55:00
cve
cve
openvas
openvas
MySQL 'yaSSL' RCE Vulnerability
2012-04-19 00:00:00
Oracle Mysql Security Updates (jan2012-366304) 01 - Windows
2017-12-14 00:00:00
Oracle Mysql Security Updates (jan2012-366304) 01 - Linux
2017-12-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:11:50
nessus
nessus
MySQL 5.1 < 5.1.62 Multiple Vulnerabilities
2012-04-19 00:00:00
MySQL 5.5 < 5.5.22 Multiple Vulnerabilities
2012-04-11 00:00:00
Oracle MySQL Server 5.5 < 5.5.22 Multiple Unspecified Vulnerabilities
2012-05-25 00:00:00
nvd
nvd
debian
debian
[SECURITY] [DSA 2429-1] mysql-5.1 security update
2012-03-07 20:44:22
oraclelinux
oraclelinux
mysql security update
2012-02-08 00:00:00
amazon
amazon
Important: mysql
2012-02-15 17:18:00
redhat
redhat
(RHSA-2012:0105) Important: mysql security update
2012-02-08 00:00:00
centos
centos
mysql security update
2012-02-08 21:54:27
fedora
fedora
[SECURITY] Fedora 16 Update: mysql-5.5.20-1.fc16
2012-02-08 22:53:23
[SECURITY] Fedora 15 Update: mysql-5.5.20-1.fc15
2012-02-12 22:51:41
f5
f5
SOL14410 - Multiple MySQL vulnerabilities
2013-05-14 00:00:00
K14410 : Multiple MySQL vulnerabilities
2013-09-17 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2012-03-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00
securityvulns
securityvulns
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.039
Percentile
92.1%
Related for NVD:CVE-2012-0882