Lucene search

[email protected]CVE-2012-5612

HistoryDec 03, 2012 - 12:49 p.m.

CVE-2012-5612

2012-12-0312:49:43

CWE-787

[email protected]

web.nvd.nist.gov

146

oracle mysql

buffer overflow

denial of service

cve-2012-5612

nvd

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.961 High

EPSS

Percentile

99.5%

JSON

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Affected configurations

NVD

Node

mariadbmariadbRange5.1.0–5.1.67

mariadbmariadbRange5.2.0–5.2.14

mariadbmariadbRange5.3.0–5.3.12

mariadbmariadbRange5.5.0–5.5.29

mariadbmariadbMatch10.0.0

Node

oraclemysqlRange5.5.0–5.5.28

Node

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_serverMatch11sp2vmware

suselinux_enterprise_software_development_kitMatch11sp2

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

CPENameOperatorVersion
mariadb:mariadbmariadblt5.1.67
mariadb:mariadbmariadblt5.2.14
mariadb:mariadbmariadblt5.3.12
mariadb:mariadbmariadblt5.5.29
mariadb:mariadbmariadbeq10.0.0

CPE	Name	Operator	Version
mariadb:mariadb	mariadb	lt	5.1.67
mariadb:mariadb	mariadb	lt	5.2.14
mariadb:mariadb	mariadb	lt	5.3.12
mariadb:mariadb	mariadb	lt	5.5.29
mariadb:mariadb	mariadb	eq	10.0.0