Detections
Analytics

CVE-2008-0226

critical

Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39431

https://exchange.xforce.ibmcloud.com/vulnerabilities/39429

http://www.vupen.com/english/advisories/2008/2780

http://www.vupen.com/english/advisories/2008/0560/references

http://www.ubuntu.com/usn/usn-588-1

http://www.securityfocus.com/bid/31681

http://www.securityfocus.com/bid/27140

http://www.securityfocus.com/archive/1/485811/100/0/threaded

http://www.securityfocus.com/archive/1/485810/100/0/threaded

http://www.debian.org/security/2008/dsa-1478

http://support.apple.com/kb/HT3216

http://securityreason.com/securityalert/3531

http://secunia.com/advisories/32222

http://secunia.com/advisories/29443

http://secunia.com/advisories/28597

http://secunia.com/advisories/28419

http://secunia.com/advisories/28324

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://bugs.mysql.com/33814

Details

Source: Mitre, NVD

Published: 2008-01-10

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical