CVE-2008-0226

Oracle Mysql < 1.7.5 - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16701
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16849
exploitdb WORKING POC VERIFIED
by MC · rubyremotelinux
https://www.exploit-db.com/exploits/9953
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mysql/mysql_yassl_hello.rb
metasploit WORKING POC GOOD
by MC · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/mysql/mysql_yassl_hello.rb

References (21)

... and 1 more

Scores

EPSS 0.9220
EPSS Percentile 99.7%

Details

CWE
CWE-119
Status published
Products (49)
apple/mac_os_x 10.5.4
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
canonical/ubuntu_linux 7.04
canonical/ubuntu_linux 7.10
debian/debian_linux 5.0
mysql/mysql 5.0.0
mysql/mysql 5.0.1
mysql/mysql 5.0.2
mysql/mysql 5.0.3
... and 39 more
Published Jan 10, 2008
Tracked Since Feb 18, 2026