Lucene search
Luigi AuriemmaZDI-13-251HistoryNov 24, 2013 - 12:00 a.m.
MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability
2013-11-2400:00:00
Luigi Auriemma
www.zerodayinitiative.com
12
0.018 Low
EPSS
Percentile
88.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the yaSSL library that is optionally used by MySQL for SSL communication. There exists an off-by-one overflow that is repeatedly performed during the SSL handshake. This can result in memory corruption that can lead to remote code execution under the context of the current process.
Related
prion
prion
Buffer overflow
2013-03-28 23:55:00
Buffer overflow
2013-03-28 23:55:00
nvd
nvd
CVE-2012-0553
2013-03-28 23:55:01
CVE-2013-1492
2013-03-28 23:55:01
cvelist
cvelist
CVE-2012-0553
2013-03-28 23:00:00
CVE-2013-1492
2013-03-28 23:00:00
ubuntucve
ubuntucve
CVE-2012-0553
2013-03-28 00:00:00
CVE-2013-1492
2013-03-28 00:00:00
cve
cve
CVE-2013-1492
2013-03-28 23:55:01
CVE-2012-0553
2013-03-28 23:55:01
openvas
openvas
MySQL 'yaSSL' Buffer Overflow Vulnerability
2013-04-04 00:00:00
Ubuntu: Security Advisory (USN-1807-1)
2013-04-25 00:00:00
Ubuntu: Security Advisory (USN-1807-2)
2013-06-14 00:00:00
nessus
nessus
MySQL 5.5 < 5.5.30 yaSSL Buffer Overflow
2013-03-29 00:00:00
MySQL 5.1 < 5.1.68 Multiple Vulnerabilities
2013-03-29 00:00:00
Juniper Junos Space < 13.1R1 MySQL Multiple Vulnerabilities (JSA10601)
2014-12-22 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2013-04-25 00:00:00
MySQL vulnerabilities
2013-04-25 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00