Vulnerability-Lookup

CVE-2008-0226 (GCVE-0-2008-0226)

Vulnerability from cvelistv5 – Published: 2008-01-10 23:00 – Updated: 2024-08-07 07:39

Summary

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2008/dsa-1478	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/29443	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/485810/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28324	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/3531	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
	http://bugs.mysql.com/33814	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/27140	vdb-entryx_refsource_BID
	http://secunia.com/advisories/28597	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0560…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/485811/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28419	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-588-1	vendor-advisoryx_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3216	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1478",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1478"
          },
          {
            "name": "29443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29443"
          },
          {
            "name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
          },
          {
            "name": "28324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28324"
          },
          {
            "name": "3531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3531"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/33814"
          },
          {
            "name": "27140",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27140"
          },
          {
            "name": "28597",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28597"
          },
          {
            "name": "ADV-2008-0560",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0560/references"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
          },
          {
            "name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
          },
          {
            "name": "28419",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28419"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "USN-588-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-588-1"
          },
          {
            "name": "MDVSA-2008:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
          },
          {
            "name": "yassl-inputbufferoperator-bo(39431)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
          },
          {
            "name": "yassl-processoldclienthello-bo(39429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1478",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1478"
        },
        {
          "name": "29443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29443"
        },
        {
          "name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
        },
        {
          "name": "28324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28324"
        },
        {
          "name": "3531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3531"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.mysql.com/33814"
        },
        {
          "name": "27140",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27140"
        },
        {
          "name": "28597",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28597"
        },
        {
          "name": "ADV-2008-0560",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0560/references"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
        },
        {
          "name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
        },
        {
          "name": "28419",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28419"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "USN-588-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-588-1"
        },
        {
          "name": "MDVSA-2008:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
        },
        {
          "name": "yassl-inputbufferoperator-bo(39431)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
        },
        {
          "name": "yassl-processoldclienthello-bo(39429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1478",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1478"
            },
            {
              "name": "29443",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29443"
            },
            {
              "name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
            },
            {
              "name": "28324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28324"
            },
            {
              "name": "3531",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3531"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://bugs.mysql.com/33814",
              "refsource": "CONFIRM",
              "url": "http://bugs.mysql.com/33814"
            },
            {
              "name": "27140",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27140"
            },
            {
              "name": "28597",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28597"
            },
            {
              "name": "ADV-2008-0560",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0560/references"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html",
              "refsource": "CONFIRM",
              "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
            },
            {
              "name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
            },
            {
              "name": "28419",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28419"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "USN-588-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-588-1"
            },
            {
              "name": "MDVSA-2008:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
            },
            {
              "name": "yassl-inputbufferoperator-bo(39431)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
            },
            {
              "name": "yassl-processoldclienthello-bo(39429)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3216"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0226",
    "datePublished": "2008-01-10T23:00:00.000Z",
    "dateReserved": "2008-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:39:35.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-088

Vulnerability from certfr_avis - Published: 2008-02-14 - Updated: 2008-02-14

None

Description

De nombreuses vulnérabilités présentes dans certaines versions de MySQL peuvent être exploitées par un utilisateur distant malintentionné afin de contourner la politique de sécurité, de porter atteinte à la confidentialité et/ou à l'intégrité des données, de provoquer un déni de service ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

MySQL 5.1.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité SuSE SUSE-SR:2008:003 du 07 février 2008	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2007:1155 du 18 décembre 2007 :	-	other
Bulletin de sécurité Debian DSA-1451 du 06 janvier 2008 :	-	other
Bulletin de sécurité SuSE SUSE-SR:2008:003 du 07 février 2008 :	-	other
Bulletin de sécurité Mandriva MDVSA-2007:243 du 10 décembre 2007 :	-	other
Journal des modifications MySQL du 29 janvier 2008 :	-	other
Bulletin de sécurité Ubuntu USN-559-1 du 21 décembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMySQL 5.1.x.\u003c/P\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans certaines versions de MySQL\npeuvent \u00eatre exploit\u00e9es par un utilisateur distant malintentionn\u00e9 afin\nde contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0 la\nconfidentialit\u00e9 et/ou \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, de provoquer un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2007-6313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6313"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2007-5970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5970"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    }
  ],
  "initial_release_date": "2008-02-14T00:00:00",
  "last_revision_date": "2008-02-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:1155 du 18 d\u00e9cembre    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1155.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1451 du 06 janvier 2008 :",
      "url": "http://www.debian.org/security/2008/DSA-1451"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2008:003 du 07 f\u00e9vrier    2008 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2007:243 du 10 d\u00e9cembre    2007 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2007:243"
    },
    {
      "title": "Journal des modifications MySQL du 29 janvier 2008    :",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-559-1 du 21 d\u00e9cembre 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-559-1"
    }
  ],
  "reference": "CERTA-2008-AVI-088",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2008:003 du 07 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: 2008-10-13 - Updated: 2008-10-13

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "initial_release_date": "2008-10-13T00:00:00",
  "last_revision_date": "2008-10-13T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

FKIE_CVE-2008-0226

Vulnerability from fkie_nvd - Published: 2008-01-10 23:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.mysql.com/33814	Permissions Required
cve@mitre.org	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html	Not Applicable
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/28324	Not Applicable
cve@mitre.org	http://secunia.com/advisories/28419	Not Applicable
cve@mitre.org	http://secunia.com/advisories/28597	Not Applicable
cve@mitre.org	http://secunia.com/advisories/29443	Not Applicable
cve@mitre.org	http://secunia.com/advisories/32222	Not Applicable
cve@mitre.org	http://securityreason.com/securityalert/3531	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3216	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1478	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:150	Broken Link
cve@mitre.org	http://www.securityfocus.com/archive/1/485810/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/485811/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/27140	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/usn-588-1	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0560/references	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780	Permissions Required
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39429	VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39431	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/33814	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28324	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28419	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28597	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29443	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3531	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:150	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485810/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485811/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27140	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-588-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0560/references	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39429	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39431	VDB Entry

Impacted products

Vendor	Product	Version
yassl	yassl	*
mysql	mysql	5.0.0
mysql	mysql	5.0.1
mysql	mysql	5.0.2
mysql	mysql	5.0.3
mysql	mysql	5.0.4
mysql	mysql	5.0.5
mysql	mysql	5.0.10
mysql	mysql	5.0.15
mysql	mysql	5.0.16
mysql	mysql	5.0.17
mysql	mysql	5.0.20
mysql	mysql	5.0.24
mysql	mysql	5.0.30
mysql	mysql	5.0.36
mysql	mysql	5.0.44
mysql	mysql	5.0.54
mysql	mysql	5.0.56
mysql	mysql	5.0.60
mysql	mysql	5.0.66
mysql	mysql	5.1.5
oracle	mysql	5.0.23
oracle	mysql	5.0.25
oracle	mysql	5.0.26
oracle	mysql	5.0.28
oracle	mysql	5.0.30
oracle	mysql	5.0.32
oracle	mysql	5.0.34
oracle	mysql	5.0.36
oracle	mysql	5.0.38
oracle	mysql	5.0.40
oracle	mysql	5.0.41
oracle	mysql	5.0.42
oracle	mysql	5.0.44
oracle	mysql	5.0.45
oracle	mysql	5.0.46
oracle	mysql	5.0.48
oracle	mysql	5.0.50
oracle	mysql	5.0.50
oracle	mysql	5.0.51
oracle	mysql	5.0.52
oracle	mysql	5.0.56
oracle	mysql	5.0.58
oracle	mysql	5.0.60
oracle	mysql	5.0.62
oracle	mysql	5.0.64
oracle	mysql	5.0.66
oracle	mysql	5.1
oracle	mysql	5.1.1
oracle	mysql	5.1.2
oracle	mysql	5.1.3
oracle	mysql	5.1.4
oracle	mysql	5.1.6
oracle	mysql	5.1.7
oracle	mysql	5.1.8
oracle	mysql	5.1.9
oracle	mysql	5.1.10
oracle	mysql	5.1.11
oracle	mysql	5.1.12
oracle	mysql	5.1.13
oracle	mysql	5.1.14
oracle	mysql	5.1.15
oracle	mysql	5.1.16
oracle	mysql	5.1.17
oracle	mysql	5.1.18
oracle	mysql	5.1.19
oracle	mysql	5.1.20
oracle	mysql	5.1.21
oracle	mysql	5.1.22
apple	mac_os_x	10.5.4
debian	debian_linux	5.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	6.10
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E11538C-D2F9-4D94-8C84-69BDC305D744",
              "versionEndIncluding": "1.7.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB92A552-079E-4A5E-B65E-8A6C956FC7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5CD839-1C18-44F2-836F-97B85572D491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA355E8-593E-470C-B565-60CD51B14C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF30535-45D3-4845-8B7C-16F7B6D05F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87BAAF59-A8F5-46AB-9CAC-E0F76B47D942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "60540719-8329-47E4-820F-8B4E4AA55AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7147148B-BD26-4280-9B3F-1B27551E0CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DC81D22D-72FE-4FEC-8277-A994B184B91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "B15A96B9-3982-49DF-A836-1DBC3FD29EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02DEBB1-65A5-4422-8B75-E8C86EA0B947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "56225075-5A65-409E-AFC9-CACA381EAC29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB11E34-4045-4ACA-AD7D-48B70D13CD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2FC440-4D06-4CE2-BE20-A46EB196182F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "455E364E-5010-47D9-8F09-58FE4B15615B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58612F4-1CAC-4BFC-A9B2-3D4025F428FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "047FBCCD-DE7C-41FA-80A3-AD695C643C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "687CC501-4CB2-4295-86F6-A5E45DEC2D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A718D-AD9D-4AB9-802F-5F5C6309D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2D4002-FD96-462D-BA55-4624170CAA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) la funci\u00f3n ProcessOldClientHello en handshake.cpp o (2) \"input_buffer\u0026 operator\u003e\u003e\" en yassl_imp.cpp."
    }
  ],
  "id": "CVE-2008-0226",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-10T23:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://bugs.mysql.com/33814"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28419"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/29443"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3531"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1478"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-588-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0560/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://bugs.mysql.com/33814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/28597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/29443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-588-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0560/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.",
      "lastModified": "2008-01-11T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-0226

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0226

Aliases

CVE-2008-0226

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0226",
    "description": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp.",
    "id": "GSD-2008-0226",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-0226.html",
      "https://www.debian.org/security/2008/dsa-1478",
      "https://packetstormsecurity.com/files/cve/CVE-2008-0226"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0226"
      ],
      "details": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp.",
      "id": "GSD-2008-0226",
      "modified": "2023-12-13T01:22:58.430125Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0226",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-1478",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1478"
          },
          {
            "name": "29443",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29443"
          },
          {
            "name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
          },
          {
            "name": "28324",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28324"
          },
          {
            "name": "3531",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3531"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "http://bugs.mysql.com/33814",
            "refsource": "CONFIRM",
            "url": "http://bugs.mysql.com/33814"
          },
          {
            "name": "27140",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27140"
          },
          {
            "name": "28597",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28597"
          },
          {
            "name": "ADV-2008-0560",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0560/references"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html",
            "refsource": "CONFIRM",
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
          },
          {
            "name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
          },
          {
            "name": "28419",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28419"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "USN-588-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-588-1"
          },
          {
            "name": "MDVSA-2008:150",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
          },
          {
            "name": "yassl-inputbufferoperator-bo(39431)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
          },
          {
            "name": "yassl-processoldclienthello-bo(39429)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0226"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27140",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/27140"
            },
            {
              "name": "28324",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/28324"
            },
            {
              "name": "28419",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/28419"
            },
            {
              "name": "DSA-1478",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1478"
            },
            {
              "name": "28597",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/28597"
            },
            {
              "name": "http://bugs.mysql.com/33814",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://bugs.mysql.com/33814"
            },
            {
              "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html",
              "refsource": "CONFIRM",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
            },
            {
              "name": "USN-588-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-588-1"
            },
            {
              "name": "29443",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/29443"
            },
            {
              "name": "3531",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/3531"
            },
            {
              "name": "MDVSA-2008:150",
              "refsource": "MANDRIVA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "ADV-2008-0560",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0560/references"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "yassl-inputbufferoperator-bo(39431)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
            },
            {
              "name": "yassl-processoldclienthello-bo(39429)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
            },
            {
              "name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
            },
            {
              "name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-12-17T20:26Z",
      "publishedDate": "2008-01-10T23:46Z"
    }
  }
}

GHSA-62P8-JM49-F9F2

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-10T23:46:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp.",
  "id": "GHSA-62p8-jm49-f9f2",
  "modified": "2022-05-01T23:28:31Z",
  "published": "2022-05-01T23:28:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0226"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
    },
    {
      "type": "WEB",
      "url": "http://bugs.mysql.com/33814"
    },
    {
      "type": "WEB",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28324"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28419"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28597"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29443"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3531"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1478"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27140"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-588-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0560/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0226 (GCVE-0-2008-0226)

CERTA-2008-AVI-088

Description

Solution

CERTA-2008-AVI-492

Description

Solution

FKIE_CVE-2008-0226

GSD-2008-0226

GHSA-62P8-JM49-F9F2

Tags

Sightings

Nomenclature