CVE 2008-0227
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransfo
Related bugs and status
CVE-2008-0227 (Candidate) is related to these bugs:
Bug #172260: [mysql] multiple vulnerabilities
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu) | Unknown | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (tuXlab) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Dapper) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Edgy) | Undecided | Won't Fix | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Edgy) | Undecided | Won't Fix | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Edgy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Edgy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Feisty) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Gutsy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Hardy) | Unknown | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Hardy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Hardy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Hardy) | Undecided | Invalid |
Bug #185039: [mysql] [CVE-2007-6303] remote privilege escalation
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
185039 | [mysql] [CVE-2007-6303] remote privilege escalation | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released |
Bug #186978: [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Edgy) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Feisty) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Gutsy) | Undecided | Fix Released |
Bug #201009: [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Dapper) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Edgy) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Feisty) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Gutsy) | High | Fix Released |
See the
CVE page on Mitre.org
for more details.