CVE-2012-5612

Oracle MySQL <5.5.29 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5612. PoCs published by kingcope.

AI-analyzed exploit summary: This exploit leverages a heap overflow vulnerability in MySQL (CVE-2012-5612) by sending malformed SQL queries with long strings to trigger a segmentation fault. The PoC demonstrates control over registers ($edx and $edi) to potentially rewrite function pointers or GOT entries for arbitrary code execution.

Description

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Exploits (1)

exploitdb WORKING POC
by kingcope · perl · dos · linux
https://www.exploit-db.com/exploits/23076

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Theoretical
Target: MySQL 5.5.19
Auth required
Prerequisites: Valid MySQL user credentials · Network access to MySQL server
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23076
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Dec/5
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1703-1
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53372
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/02/3
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-06.xml
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/02/4
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
Broken Link, Exploit, Patch x_refsource_confirm
https://mariadb.atlassian.net/browse/MDEV-3908
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.6684
EPSS Percentile 98.6%

Details

CWE: CWE-787
Status: published
Products (10)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
mariadb/mariadb 10.0.0
mariadb/mariadb 5.1.0 - 5.1.67
oracle/mysql 5.5.0 - 5.5.28
suse/linux_enterprise_desktop 11 sp2
suse/linux_enterprise_server 11 sp2 (2 CPE variants)
suse/linux_enterprise_software_development_kit 11 sp2
Published Dec 03, 2012
Tracked Since Feb 18, 2026