Lucene search
K

159 matches found

NVD
NVD
added 2008/01/10 11:46 p.m.17 views

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via 1 the ProcessOldClientHello function in handshake.cpp or 2 "inputbuffer& operator" in yasslimp.cpp...

7.5CVSS7.6AI score0.91602EPSS
Exploits13References21
Cvelist
Cvelist
added 2008/01/10 11:0 p.m.25 views

CVE-2008-0227

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service crash via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp...

6.4AI score0.02492EPSS
Exploits1References18
CVE
CVE
added 2008/01/10 11:0 p.m.77 views

CVE-2008-0227

CVE-2008-0227 affects yaSSL 1.7.5 and earlier as used in MySQL and possibly other products. The issue allows remote attackers to cause a denial of service (crash) by sending a Hello packet with a large size value, triggering a buffer over-read in HASHwithTransform::Update (hash.cpp). Connected do...

7.5CVSS6.4AI score0.02492EPSS
Exploits1References18Affected Software1
CVE
CVE
added 2008/01/10 11:0 p.m.391 views

CVE-2008-0226

CVE-2008-0226 describes a buffer overflow in yaSSL 1.7.5 and earlier, used by MySQL and possibly other products. The overflow occurs via crafted client Hello messages in handshake.cpp (ProcessOldClientHello) or operator>> in yassl_imp.cpp, enabling remote code execution. Exploitation histor...

7.5CVSS7.5AI score0.91602EPSS
Exploits13References21Affected Software1
Cvelist
Cvelist
added 2008/01/10 11:0 p.m.33 views

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via 1 the ProcessOldClientHello function in handshake.cpp or 2 "inputbuffer& operator" in yasslimp.cpp...

7.5AI score0.91602EPSS
Exploits13References21
UbuntuCve
UbuntuCve
added 2008/01/10 12:0 a.m.29 views

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via 1 the ProcessOldClientHello function in handshake.cpp or 2 "inputbuffer& operator" in yasslimp.cpp...

7.5CVSS6.3AI score0.91602EPSS
Exploits13References2
UbuntuCve
UbuntuCve
added 2008/01/10 12:0 a.m.30 views

CVE-2008-0227

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service crash via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp...

7.5CVSS6.1AI score0.02492EPSS
Exploits1References2
seebug.org
seebug.org
added 2008/01/08 12:0 a.m.125 views

yaSSL多个远程溢出及无效内存访问漏洞

BUGTRAQ ID: 27140 yaSSL是用于实现SSL的开源软件包。 yaSSL实现上存在多个远程溢出及无效内存访问问题,远程攻击者可能利用此漏洞控制服务器。 ------------------------------------------- A ProcessOldClientHello缓冲区溢出 ------------------------------------------- 用于包含客户端所接收的Hello报文中的数据的缓冲区结构如下(源自yasslimp.hpp): class ClientHello : public HandShakeBase...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2008/01/04 12:0 a.m.36 views

Pre-auth buffer-overflow in mySQL through yaSSL

The following is a proof-of-concept for testing the buffer-overflow which affects yaSSL = 1.7.5 on mySQL servers, any version, included the latest 6.0.3: http://aluigi.org/poc/mysqlo.zip The vulnerability is exploitable before authentication so the only requirements for testing it are the usage o...

1AI score
Exploits0
seebug.org
seebug.org
added 2008/01/04 12:0 a.m.119 views

MySQL <=6.0 yaSSL <= 1.7.5 Hello Message Buffer Overflow

MySQL yaSSL SSL Hello Message Buffer Overflow 1. 漏洞介绍和分析 yaSSL是用于实现SSL的开源软件包。 yaSSL实现上存在多个远程溢出及无效内存访问问题,远程攻击者可能利用此漏洞控制服务器。 向堆栈缓冲区溢出的yaSSL1.7.5和更早的版本实现与MySQL捆绑 = 6.0。通过发送一个专门制作的HEllo 包 ,攻击者可以执行任意代码。 代码分析: 用于包含客户端所接收的Hello报文中的数据的缓冲区结构如下源自yasslimp.hpp: class ClientHello : public HandShakeBase...

6.6AI score0.91602EPSS
Exploits13
securityvulns
securityvulns
added 2008/01/04 12:0 a.m.43 views

YaSSL library / MySQL multiple security vulnerabilities

Buffer overflows in ProcessOldClientHello and operator, memory exhaustion in HASHwithTransform::Update...

1.6AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2008/01/04 12:0 a.m.38 views

Multiple vulnerabilities in yaSSL 1.7.5

Luigi Auriemma Application: yaSSL http://www.yassl.com Versions: = 1.7.5 Platforms: Windows and nix Bugs: A buffer-overflow in ProcessOldClientHello B buffer-overflow in "inputbuffer& operator" C invalid memory access in HASHwithTransform::Update Exploitation: remote Date: 04 Jan 2008 Author: Lui...

1.2AI score
Exploits0
exploitpack
exploitpack
added 2008/01/04 12:0 a.m.16 views

MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow (Metasploit)

MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

0.4AI score0.91602EPSS
Exploits13
Exploit DB
Exploit DB
added 2008/01/04 12:0 a.m.123 views

MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'MySQL yaSSL...

7.5CVSS6.7AI score0.91602EPSS
Exploits13
NVD
NVD
added 2005/11/21 11:3 a.m.12 views

CVE-2005-3731

Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."...

10CVSS6.5AI score0.01248EPSS
Exploits0References4
CVE
CVE
added 2005/11/21 11:0 a.m.43 views

CVE-2005-3731

Technical details about CVE-2005-3731 are not provided in the supplied documents; no concrete information on affected versions, impact, or remediation is available here. Monitor for updates.

10CVSS7AI score0.01248EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2005/11/21 11:0 a.m.17 views

CVE-2005-3731

Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."...

6.5AI score0.01248EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/11/18 12:0 a.m.33 views

[SA17619] yaSSL Unspecified Certification Chain Processing Vulnerability

TITLE: yaSSL Unspecified Certification Chain Processing Vulnerability SECUNIA ADVISORY ID: SA17619 VERIFY ADVISORY: http://secunia.com/advisories/17619/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: yaSSL Library 1.x http://secunia.com/product/6145/ DESCRIPTION: A...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/11/18 12:0 a.m.28 views

YaSSL certificate chain validation problem

No description provided...

1.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder