CVE-2008-0226 - Vulnerability Details

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Canonical	Ubuntu Linux
Debian	Debian Linux
Mysql	Mysql
Oracle	Mysql
Yassl	Yassl

Configuration 1 [-]

cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:mysql:mysql:5.0.0:::::::*
	cpe:2.3:a:mysql:mysql:5.0.1:::::::*
	cpe:2.3:a:mysql:mysql:5.0.2:::::::*
	cpe:2.3:a:mysql:mysql:5.0.3:::::::*
	cpe:2.3:a:mysql:mysql:5.0.4:::::::*
	cpe:2.3:a:mysql:mysql:5.0.5:::::::*
	cpe:2.3:a:mysql:mysql:5.0.10:::::::*
	cpe:2.3:a:mysql:mysql:5.0.15:::::::*
	cpe:2.3:a:mysql:mysql:5.0.16:::::::*
	cpe:2.3:a:mysql:mysql:5.0.17:::::::*
	cpe:2.3:a:mysql:mysql:5.0.20:::::::*
	cpe:2.3:a:mysql:mysql:5.0.24:::::::*
	cpe:2.3:a:mysql:mysql:5.0.30:::::::*
	cpe:2.3:a:mysql:mysql:5.0.36:::::::*
	cpe:2.3:a:mysql:mysql:5.0.44:::::::*
	cpe:2.3:a:mysql:mysql:5.0.54:::::::*
	cpe:2.3:a:mysql:mysql:5.0.56:::::::*
	cpe:2.3:a:mysql:mysql:5.0.60:::::::*
	cpe:2.3:a:mysql:mysql:5.0.66:::::::*
	cpe:2.3:a:mysql:mysql:5.1.5:::::::*
	cpe:2.3:a:oracle:mysql:5.0.23:::::::*
	cpe:2.3:a:oracle:mysql:5.0.25:::::::*
	cpe:2.3:a:oracle:mysql:5.0.26:::::::*
	cpe:2.3:a:oracle:mysql:5.0.28:::::::*
	cpe:2.3:a:oracle:mysql:5.0.30:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.32:::::::*
	cpe:2.3:a:oracle:mysql:5.0.34:::::::*
	cpe:2.3:a:oracle:mysql:5.0.36:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.38:::::::*
	cpe:2.3:a:oracle:mysql:5.0.40:::::::*
	cpe:2.3:a:oracle:mysql:5.0.41:::::::*
	cpe:2.3:a:oracle:mysql:5.0.42:::::::*
	cpe:2.3:a:oracle:mysql:5.0.44:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.45:::::::*
	cpe:2.3:a:oracle:mysql:5.0.46:::::::*
	cpe:2.3:a:oracle:mysql:5.0.48:::::::*
	cpe:2.3:a:oracle:mysql:5.0.50:::::::*
	cpe:2.3:a:oracle:mysql:5.0.50:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.51:::::::*
	cpe:2.3:a:oracle:mysql:5.0.52:::::::*
	cpe:2.3:a:oracle:mysql:5.0.56:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.58:::::::*
	cpe:2.3:a:oracle:mysql:5.0.60:sp1::::::
	cpe:2.3:a:oracle:mysql:5.0.62:::::::*
	cpe:2.3:a:oracle:mysql:5.0.64:::::::*
	cpe:2.3:a:oracle:mysql:5.0.66:sp1::::::
	cpe:2.3:a:oracle:mysql:5.1:::::::*
	cpe:2.3:a:oracle:mysql:5.1.1:::::::*
	cpe:2.3:a:oracle:mysql:5.1.2:::::::*
	cpe:2.3:a:oracle:mysql:5.1.3:::::::*
	cpe:2.3:a:oracle:mysql:5.1.4:::::::*
	cpe:2.3:a:oracle:mysql:5.1.6:::::::*
	cpe:2.3:a:oracle:mysql:5.1.7:::::::*
	cpe:2.3:a:oracle:mysql:5.1.8:::::::*
	cpe:2.3:a:oracle:mysql:5.1.9:::::::*
	cpe:2.3:a:oracle:mysql:5.1.10:::::::*
	cpe:2.3:a:oracle:mysql:5.1.11:::::::*
	cpe:2.3:a:oracle:mysql:5.1.12:::::::*
	cpe:2.3:a:oracle:mysql:5.1.13:::::::*
	cpe:2.3:a:oracle:mysql:5.1.14:::::::*
	cpe:2.3:a:oracle:mysql:5.1.15:::::::*
	cpe:2.3:a:oracle:mysql:5.1.16:::::::*
	cpe:2.3:a:oracle:mysql:5.1.17:::::::*
	cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*

Configuration 3 [-]

cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

No data.

References

Link	Providers
http://bugs.mysql.com/33814
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/28324
http://secunia.com/advisories/28419
http://secunia.com/advisories/28597
http://secunia.com/advisories/29443
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3531
http://support.apple.com/kb/HT3216
http://www.debian.org/security/2008/dsa-1478
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://www.securityfocus.com/archive/1/485810/100/0/threaded
http://www.securityfocus.com/archive/1/485811/100/0/threaded
http://www.securityfocus.com/bid/27140
http://www.securityfocus.com/bid/31681
http://www.ubuntu.com/usn/usn-588-1
http://www.vupen.com/english/advisories/2008/0560/references
http://www.vupen.com/english/advisories/2008/2780
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-10T23:00:00

Updated: 2024-08-07T07:39:35.055Z

Reserved: 2008-01-10T00:00:00

Link: CVE-2008-0226

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-01-10T23:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer& operator>>\" in yassl_imp.cpp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1478", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1478"}, {"name": "29443", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29443"}, {"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"}, {"name": "28324", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28324"}, {"name": "3531", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3531"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31681"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.mysql.com/33814"}, {"name": "27140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27140"}, {"name": "28597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28597"}, {"name": "ADV-2008-0560", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0560/references"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32222"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"}, {"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"}, {"name": "28419", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28419"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "USN-588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-588-1"}, {"name": "MDVSA-2008:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"}, {"name": "yassl-inputbufferoperator-bo(39431)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"}, {"name": "yassl-processoldclienthello-bo(39429)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3216"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer& operator>>\" in yassl_imp.cpp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1478", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1478"}, {"name": "29443", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29443"}, {"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"}, {"name": "28324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28324"}, {"name": "3531", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3531"}, {"name": "31681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31681"}, {"name": "http://bugs.mysql.com/33814", "refsource": "CONFIRM", "url": "http://bugs.mysql.com/33814"}, {"name": "27140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27140"}, {"name": "28597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28597"}, {"name": "ADV-2008-0560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0560/references"}, {"name": "32222", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32222"}, {"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html", "refsource": "CONFIRM", "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"}, {"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"}, {"name": "28419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28419"}, {"name": "ADV-2008-2780", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "USN-588-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-588-1"}, {"name": "MDVSA-2008:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"}, {"name": "yassl-inputbufferoperator-bo(39431)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"}, {"name": "yassl-processoldclienthello-bo(39429)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"}, {"name": "APPLE-SA-2008-10-09", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"name": "http://support.apple.com/kb/HT3216", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3216"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:39:35.055Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1478", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1478"}, {"name": "29443", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29443"}, {"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"}, {"name": "28324", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28324"}, {"name": "3531", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3531"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31681"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.mysql.com/33814"}, {"name": "27140", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27140"}, {"name": "28597", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28597"}, {"name": "ADV-2008-0560", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0560/references"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32222"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"}, {"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"}, {"name": "28419", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28419"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "USN-588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-588-1"}, {"name": "MDVSA-2008:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"}, {"name": "yassl-inputbufferoperator-bo(39431)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"}, {"name": "yassl-processoldclienthello-bo(39429)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3216"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0226", "datePublished": "2008-01-10T23:00:00", "dateReserved": "2008-01-10T00:00:00", "dateUpdated": "2024-08-07T07:39:35.055Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E11538C-D2F9-4D94-8C84-69BDC305D744", "versionEndIncluding": "1.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "FB92A552-079E-4A5E-B65E-8A6C956FC7DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*", "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "9A5CD839-1C18-44F2-836F-97B85572D491", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*", "matchCriteriaId": "4BA355E8-593E-470C-B565-60CD51B14C3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "7AF30535-45D3-4845-8B7C-16F7B6D05F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*", "matchCriteriaId": "87BAAF59-A8F5-46AB-9CAC-E0F76B47D942", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "60540719-8329-47E4-820F-8B4E4AA55AF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "7147148B-BD26-4280-9B3F-1B27551E0CAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*", "matchCriteriaId": "DC81D22D-72FE-4FEC-8277-A994B184B91C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*", "matchCriteriaId": "B15A96B9-3982-49DF-A836-1DBC3FD29EF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "A02DEBB1-65A5-4422-8B75-E8C86EA0B947", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*", "matchCriteriaId": "56225075-5A65-409E-AFC9-CACA381EAC29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "AFB11E34-4045-4ACA-AD7D-48B70D13CD92", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "6D2FC440-4D06-4CE2-BE20-A46EB196182F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*", "matchCriteriaId": "455E364E-5010-47D9-8F09-58FE4B15615B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F58612F4-1CAC-4BFC-A9B2-3D4025F428FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "047FBCCD-DE7C-41FA-80A3-AD695C643C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "687CC501-4CB2-4295-86F6-A5E45DEC2D0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "822A718D-AD9D-4AB9-802F-5F5C6309D809", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "CA2D4002-FD96-462D-BA55-4624170CAA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer& operator>>\" in yassl_imp.cpp."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) la funci\u00f3n ProcessOldClientHello en handshake.cpp o (2) \"input_buffer& operator>>\" en yassl_imp.cpp."}], "id": "CVE-2008-0226", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-10T23:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://bugs.mysql.com/33814"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28324"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28419"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28597"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/29443"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32222"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/3531"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3216"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1478"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/27140"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31681"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-588-1"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/0560/references"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://bugs.mysql.com/33814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/29443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/3531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/27140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-588-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/0560/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.", "lastModified": "2008-01-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object