BID:58594

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

Info

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

Bugtraq ID:	58594
Class:	Boundary Condition Error
CVE:	CVE-2012-0553
Remote:	Yes
Local:	No
Published:	Mar 19 2013 12:00AM
Updated:	Nov 15 2013 12:34AM
Credit:	Oracle
Vulnerable:	yaSSL yaSSL 1.9.9 yaSSL yaSSL 1.9.6 yaSSL yaSSL 1.7.5 + MySQL AB MySQL 6.0.4 + MySQL AB MySQL 6.0.3 + MySQL AB MySQL 6.0.2 + MySQL AB MySQL 6.0.1 + MySQL AB MySQL 6.0 + MySQL AB MySQL 5.1.23 + MySQL AB MySQL 5.1.22 + MySQL AB MySQL 5.1.18 + MySQL AB MySQL 5.1.17 + MySQL AB MySQL 5.1.16 + MySQL AB MySQL 5.1.15 + MySQL AB MySQL 5.1.14 + MySQL AB MySQL 5.1.13 + MySQL AB MySQL 5.1.12 + MySQL AB MySQL 5.1.11 + MySQL AB MySQL 5.1.10 + MySQL AB MySQL 5.1.9 + MySQL AB MySQL 5.1.6 + MySQL AB MySQL 5.1.5 + MySQL AB MySQL 5.0.52 + MySQL AB MySQL 5.0.51 + MySQL AB MySQL 5.0.50 + MySQL AB MySQL 5.0.49 + MySQL AB MySQL 5.0.48 + MySQL AB MySQL 5.0.47 + MySQL AB MySQL 5.0.46 + MySQL AB MySQL 5.0.45 + MySQL AB MySQL 5.0.45 + MySQL AB MySQL 5.0.44 + MySQL AB MySQL 5.0.42 + MySQL AB MySQL 5.0.40 + MySQL AB MySQL 5.0.39 + MySQL AB MySQL 5.0.38 + MySQL AB MySQL 5.0.37 + MySQL AB MySQL 5.0.36 + MySQL AB MySQL 5.0.33 + MySQL AB MySQL 5.0.32 + MySQL AB MySQL 5.0.27 + MySQL AB MySQL 5.0.24 + MySQL AB MySQL 5.0.22 -1-0.1 + MySQL AB MySQL 5.0.22 + MySQL AB MySQL 5.0.21 + MySQL AB MySQL 5.0.20 + MySQL AB MySQL 5.0.19 + MySQL AB MySQL 5.0.18 yaSSL yaSSL 1.0.6 yaSSL yaSSL 1.0.5 yaSSL yaSSL 1.0.4 yaSSL yaSSL 1.0.3 yaSSL yaSSL 1.0.2 yaSSL yaSSL 1.0.1 yaSSL yaSSL 1.0 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 MySQL AB MySQL 5.5 Gentoo Linux

Not Vulnerable:

Discussion

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

yaSSL is prone to an unspecified buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Exploit / POC

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability

References:

MySQL Homepage (Oracle)