MySQL yaSSL Vulnerability
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2008-0226
Date du conseil: 27 août 2015
Description
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Information Exposure Rating:
- 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability
- 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability
Solutions
Trend Micro Deep Security DPI Rule Number: 1001312
Trend Micro Deep Security DPI Rule Name: 1001312 - MySQL yaSSL Pre-authentication Code Execution
Affected software and version:
- MySQL MySQL
- yaSSL yaSSL 1.7.5