Vulnerability Details : CVE-2012-0882
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Vulnerability category: OverflowExecute code
Products affected by CVE-2012-0882
- cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.47:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.49:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.48:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*
Threat overview for CVE-2012-0882
Top countries where our scanners detected CVE-2012-0882
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2012-0882 27,940
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-0882!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-0882
3.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0882
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-0882
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0882
-
https://bugzilla.redhat.com/show_bug.cgi?id=789141
789141 – (CVE-2012-0882) CVE-2012-0882 mysql: unspecified remote exploit (released with VulnDisco Pack Professional 9.17)
-
https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
[Canvas] VulnDisco MySQL 0day
-
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability
CVE-2012-0882 Buffer Overflow vulnerability in yaSSL | Oracle Third Party Vulnerability Resolution BlogVendor Advisory
-
https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
[Canvas] VulnDisco Pack Professional 9.17
-
http://www.openwall.com/lists/oss-security/2012/02/24/2
oss-security - Re: MySQL 0-day - does it need a CVE?
Jump to