Vulnerability Details : CVE-2008-0227
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-0227
Probability of exploitation activity in the next 30 days: 34.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0227
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-0227
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-0227
-
Red Hat 2008-01-11Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.
- http://bugs.mysql.com/33814
- http://www.vupen.com/english/advisories/2008/0560/references
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39433
-
http://www.securityfocus.com/bid/27140
yaSSL Multiple Remote Buffer Overflow VulnerabilitiesExploit
- http://securityreason.com/securityalert/3531
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
- http://www.securityfocus.com/archive/1/485810/100/0/threaded
-
http://www.vupen.com/english/advisories/2008/2780
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://www.ubuntu.com/usn/usn-588-1
-
http://support.apple.com/kb/HT3216
About Security Update 2008-007 - Apple Support
- http://www.debian.org/security/2008/dsa-1478
- http://www.securityfocus.com/bid/31681
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
- cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*