Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningCommunityBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > CVE-2008-0227
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
CVE Reference: CVE-2008-0227
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-0227

Description:
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/39433

UBUNTU
  http://www.ubuntu.com/usn/usn-588-1

SREASON
  http://securityreason.com/securityalert/3531

SAID
  Secunia Advisory: SA28324
  Secunia Advisory: SA28597
  Secunia Advisory: SA29443
  Secunia Advisory: SA32222

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:150

DEBIAN
  http://www.debian.org/security/2008/dsa-1478

CONFIRM
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
  http://support.apple.com/kb/HT3216
  http://bugs.mysql.com/33814

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded

BID
  31681
  27140

APPLE
  http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html


Return to the previous page.


Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008