CVE Vulnerability

CVE-2008-0227

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/27140 Exploit
http://secunia.com/advisories/28324 Vendor Advisory
http://www.debian.org/security/2008/dsa-1478
http://secunia.com/advisories/28597
http://bugs.mysql.com/33814
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://www.ubuntu.com/usn/usn-588-1
http://secunia.com/advisories/29443
http://securityreason.com/securityalert/3531
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.securityfocus.com/bid/31681
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.vupen.com/english/advisories/2008/0560/references
http://www.vupen.com/english/advisories/2008/2780
https://exchange.xforce.ibmcloud.com/vulnerabilities/39433
http://www.securityfocus.com/archive/1/485810/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*
Information

Published : 2008-01-10 11:46

Updated : 2018-10-15 09:58

NVD link : CVE-2008-0227

Mitre link : CVE-2008-0227

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer