7.5

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YasslYassl Version <= 1.7.5
MysqlMysql Version5.0.0
MysqlMysql Version5.0.1
MysqlMysql Version5.0.2
MysqlMysql Version5.0.3
MysqlMysql Version5.0.4
MysqlMysql Version5.0.5
MysqlMysql Version5.0.10
MysqlMysql Version5.0.15
MysqlMysql Version5.0.16
MysqlMysql Version5.0.17
MysqlMysql Version5.0.20
MysqlMysql Version5.0.24
MysqlMysql Version5.0.30
MysqlMysql Version5.0.36
MysqlMysql Version5.0.44
MysqlMysql Version5.0.54
MysqlMysql Version5.0.56
MysqlMysql Version5.0.60
MysqlMysql Version5.0.66
MysqlMysql Version5.1.5
OracleMysql Version5.0.23
OracleMysql Version5.0.25
OracleMysql Version5.0.26
OracleMysql Version5.0.28
OracleMysql Version5.0.30 Updatesp1
OracleMysql Version5.0.32
OracleMysql Version5.0.34
OracleMysql Version5.0.36 Updatesp1
OracleMysql Version5.0.38
OracleMysql Version5.0.40
OracleMysql Version5.0.41
OracleMysql Version5.0.42
OracleMysql Version5.0.44 Updatesp1
OracleMysql Version5.0.45
OracleMysql Version5.0.46
OracleMysql Version5.0.48
OracleMysql Version5.0.50
OracleMysql Version5.0.50 Updatesp1
OracleMysql Version5.0.51
OracleMysql Version5.0.52
OracleMysql Version5.0.56 Updatesp1
OracleMysql Version5.0.58
OracleMysql Version5.0.60 Updatesp1
OracleMysql Version5.0.62
OracleMysql Version5.0.64
OracleMysql Version5.0.66 Updatesp1
OracleMysql Version5.1
OracleMysql Version5.1.1
OracleMysql Version5.1.2
OracleMysql Version5.1.3
OracleMysql Version5.1.4
OracleMysql Version5.1.6
OracleMysql Version5.1.7
OracleMysql Version5.1.8
OracleMysql Version5.1.9
OracleMysql Version5.1.10
OracleMysql Version5.1.11
OracleMysql Version5.1.12
OracleMysql Version5.1.13
OracleMysql Version5.1.14
OracleMysql Version5.1.15
OracleMysql Version5.1.16
OracleMysql Version5.1.17
OracleMysql Version5.1.18
OracleMysql Version5.1.19
OracleMysql Version5.1.20
OracleMysql Version5.1.21
OracleMysql Version5.1.22
ApplemacOS X Version10.5.4
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 91.6% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/29443
Not Applicable
http://www.ubuntu.com/usn/usn-588-1
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/32222
Not Applicable
http://support.apple.com/kb/HT3216
Third Party Advisory
http://www.securityfocus.com/bid/31681
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2780
Permissions Required
http://www.vupen.com/english/advisories/2008/0560/references
Permissions Required
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
Not Applicable
http://bugs.mysql.com/33814
Permissions Required
http://secunia.com/advisories/28324
Not Applicable
http://secunia.com/advisories/28419
Not Applicable
http://secunia.com/advisories/28597
Not Applicable
http://securityreason.com/securityalert/3531
Third Party Advisory
http://www.debian.org/security/2008/dsa-1478
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
Broken Link
http://www.securityfocus.com/archive/1/485810/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/485811/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/27140
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431
VDB Entry