Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2012-0882
HistoryDec 21, 2012 - 12:00 a.m.

CVE-2012-0882

2012-12-2100:00:00
ubuntu.com
ubuntu.com
23

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.039

Percentile

92.1%

JSON

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other
versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows
remote attackers to execute arbitrary code via unspecified vectors, as
demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224,
this disclosure has no actionable information. However, because the module
author is a reliable researcher, the issue is being assigned a CVE
identifier for tracking purposes. NOTE: due to lack of details, it is not
clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Notes

Author Note
jdstrand supposedly pre-auth root remote 0-day. Due to lack of information setting priority to ‘low’ for now (there is nothing to be done). Report only mention 5.5.20 as affected, so due to lack of information, leaving other sources out for now.
mdeslaur This is probably fixed with the yassl update that went into 5.1.62, 5.0.96 and 5.5.22

Related

cvelist 7
cve 7
nvd 7
prion 7
openvas 17
veracode 1
nessus 19
ubuntucve 6
amazon 1
debian 1
oraclelinux 1
redhat 1
centos 1
fedora 2
f5 2
ubuntu 1
oracle 1
securityvulns 1
gentoo 1
cvelist
cvelist
CVE-2012-0882
2012-12-21 02:00:00
CVE-2012-0120
2012-01-18 22:00:00
CVE-2012-0115
2012-01-18 22:00:00
cve
cve
CVE-2012-0882
2012-12-21 05:46:15
CVE-2012-0115
2012-01-18 22:55:06
CVE-2012-0492
2012-01-18 22:55:07
nvd
nvd
CVE-2012-0882
2012-12-21 05:46:15
CVE-2012-0120
2012-01-18 22:55:06
CVE-2012-0119
2012-01-18 22:55:06
prion
prion
Buffer overflow
2012-12-21 05:46:00
Design/Logic Flaw
2012-01-18 22:55:00
Design/Logic Flaw
2012-01-18 22:55:00
openvas
openvas
MySQL 'yaSSL' RCE Vulnerability
2012-04-19 00:00:00
Oracle Mysql Security Updates (jan2012-366304) 01 - Windows
2017-12-14 00:00:00
Oracle Mysql Security Updates (jan2012-366304) 01 - Linux
2017-12-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:11:50
nessus
nessus
MySQL 5.1 < 5.1.62 Multiple Vulnerabilities
2012-04-19 00:00:00
MySQL 5.5 < 5.5.22 Multiple Vulnerabilities
2012-04-11 00:00:00
Oracle MySQL Server 5.5 < 5.5.22 Multiple Unspecified Vulnerabilities
2012-05-25 00:00:00
ubuntucve
ubuntucve
CVE-2012-0120
2012-01-18 00:00:00
CVE-2012-0112
2012-01-18 00:00:00
CVE-2012-0485
2012-01-18 00:00:00
amazon
amazon
Important: mysql
2012-02-15 17:18:00
debian
debian
[SECURITY] [DSA 2429-1] mysql-5.1 security update
2012-03-07 20:44:22
oraclelinux
oraclelinux
mysql security update
2012-02-08 00:00:00
redhat
redhat
(RHSA-2012:0105) Important: mysql security update
2012-02-08 00:00:00
centos
centos
mysql security update
2012-02-08 21:54:27
fedora
fedora
[SECURITY] Fedora 16 Update: mysql-5.5.20-1.fc16
2012-02-08 22:53:23
[SECURITY] Fedora 15 Update: mysql-5.5.20-1.fc15
2012-02-12 22:51:41
f5
f5
SOL14410 - Multiple MySQL vulnerabilities
2013-05-14 00:00:00
K14410 : Multiple MySQL vulnerabilities
2013-09-17 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2012-03-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00
securityvulns
securityvulns
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
2012-03-10 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.039

Percentile

92.1%

JSON
Related for UB:CVE-2012-0882
cvelist7cve7nvd7prion7openvas17veracode1nessus19ubuntucve6amazon1debian1oraclelinux1redhat1centos1fedora2f52ubuntu1oracle1securityvulns1gentoo1