7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and
possibly other products, allow remote attackers to execute arbitrary code
via (1) the ProcessOldClientHello function in handshake.cpp or (2)
“input_buffer& operator>>” in yassl_imp.cpp.
Author | Note |
---|---|
jdstrand | dapper not affected (yassl not compiled) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mysql-dfsg-5.0 | < 5.0.22-0ubuntu6.06.8 | UNKNOWN |
ubuntu | 6.10 | noarch | mysql-dfsg-5.0 | < 5.0.24a-9ubuntu2.4 | UNKNOWN |
ubuntu | 7.04 | noarch | mysql-dfsg-5.0 | < 5.0.38-0ubuntu1.4 | UNKNOWN |
ubuntu | 7.10 | noarch | mysql-dfsg-5.0 | < 5.0.45-1ubuntu3.3 | UNKNOWN |