製品・ソフトウェアに関する情報

JVN脆弱性詳細

MySQL で使用される yaSSL におけるバッファオーバーフローの脆弱性

Title	MySQL で使用される yaSSL におけるバッファオーバーフローの脆弱性
Summary	MySQL で使用される yaSSL には、バッファオーバーフローの脆弱性が存在します。詳細が不明なため、本脆弱性は CVE-2012-0492 または他の CVE 識別番号の問題と重複する可能性があります。
Possible impacts	第三者により、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 4, 2012, midnight
Registration Date	Dec. 25, 2012, 1:52 p.m.
Last Update	Dec. 25, 2012, 1:52 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

オラクル

MySQL 5.1.61 およびそれ以前

MySQL 5.5.21 およびそれ以前

MySQL AB

MySQL 5.1.50 およびそれ以前

MySQL 5.5.9 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-0882	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0882
National Vulnerability Database (NVD)
2	CVE-2012-0882	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0882
SECURITY BLOG
3	CVE-2012-0882 Buffer Overflow vulnerability in yaSSL	https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 789141	https://bugzilla.redhat.com/show_bug.cgi?id=789141

Change Log

No	Changed Details	Date of change
0	[2012年12月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-0882

Summary	Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Publication Date	Dec. 21, 2012, 2:46 p.m.
Registration Date	Jan. 28, 2021, 2:54 p.m.
Last Update	Nov. 21, 2024, 10:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql:5.5.10:::::::*
cpe:2.3:a:oracle:mysql:5.5.7:::::::*
cpe:2.3:a:oracle:mysql:5.5.3:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
cpe:2.3:a:oracle:mysql:5.5.17:::::::*
cpe:2.3:a:oracle:mysql:5.5.14:::::::*
cpe:2.3:a:oracle:mysql:5.5.16:::::::*
cpe:2.3:a:oracle:mysql:5.5.11:::::::*
cpe:2.3:a:oracle:mysql:5.5.21:::::::*
cpe:2.3:a:oracle:mysql:5.5.20:::::::*
cpe:2.3:a:oracle:mysql:5.5.2:::::::*
cpe:2.3:a:oracle:mysql:5.5.6:::::::*
cpe:2.3:a:oracle:mysql:5.5.5:::::::*
cpe:2.3:a:oracle:mysql:5.5.9:::::::*
cpe:2.3:a:oracle:mysql:5.5.18:::::::*
cpe:2.3:a:oracle:mysql:5.5.15:::::::*
cpe:2.3:a:oracle:mysql:5.5.13:::::::*
cpe:2.3:a:oracle:mysql:5.5.12:::::::*
cpe:2.3:a:oracle:mysql:5.5.1:::::::*
cpe:2.3:a:oracle:mysql:5.5.4:::::::*
cpe:2.3:a:oracle:mysql:5.5.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql:5.1.52:::::::*
cpe:2.3:a:oracle:mysql:5.1.59:::::::*
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.34:::::::*
cpe:2.3:a:oracle:mysql:5.1.51:::::::*
cpe:2.3:a:oracle:mysql:5.1.60:::::::*
cpe:2.3:a:oracle:mysql:5.1.52:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.54:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.1.61:::::::*
cpe:2.3:a:oracle:mysql:5.1.55:::::::*
cpe:2.3:a:oracle:mysql:5.1.57:::::::*
cpe:2.3:a:oracle:mysql:5.1.58:::::::*
cpe:2.3:a:mysql:mysql:5.1.37:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:oracle:mysql:5.1.56:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:oracle:mysql:5.1.39:::::::*
cpe:2.3:a:oracle:mysql:5.1.40:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.40:::::::*
cpe:2.3:a:oracle:mysql:5.1.41:::::::*
cpe:2.3:a:oracle:mysql:5.1.42:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.44:::::::*
cpe:2.3:a:oracle:mysql:5.1.45:::::::*
cpe:2.3:a:oracle:mysql:5.1.46:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.46:::::::*
cpe:2.3:a:oracle:mysql:5.1.47:::::::*
cpe:2.3:a:oracle:mysql:5.1.48:::::::*
cpe:2.3:a:oracle:mysql:5.1.49:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.49:::::::*
cpe:2.3:a:oracle:mysql:5.1.50:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.33:::::::*
cpe:2.3:a:oracle:mysql:5.1.35:::::::*
cpe:2.3:a:oracle:mysql:5.1.36:::::::*
cpe:2.3:a:oracle:mysql:5.1.38:::::::*
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.34:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.37:sp1::::::

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2012/02/24/2
2	https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability	Vendor Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=789141
4	https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
5	https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
6	http://www.openwall.com/lists/oss-security/2012/02/24/2
7	https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html
8	https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
9	https://bugzilla.redhat.com/show_bug.cgi?id=789141
10	https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql:5.5.10:::::::*
cpe:2.3:a:oracle:mysql:5.5.7:::::::*
cpe:2.3:a:oracle:mysql:5.5.3:::::::*
cpe:2.3:a:oracle:mysql:5.5.19:::::::*
cpe:2.3:a:oracle:mysql:5.5.17:::::::*
cpe:2.3:a:oracle:mysql:5.5.14:::::::*
cpe:2.3:a:oracle:mysql:5.5.16:::::::*
cpe:2.3:a:oracle:mysql:5.5.11:::::::*
cpe:2.3:a:oracle:mysql:5.5.21:::::::*
cpe:2.3:a:oracle:mysql:5.5.20:::::::*
cpe:2.3:a:oracle:mysql:5.5.2:::::::*
cpe:2.3:a:oracle:mysql:5.5.6:::::::*
cpe:2.3:a:oracle:mysql:5.5.5:::::::*
cpe:2.3:a:oracle:mysql:5.5.9:::::::*
cpe:2.3:a:oracle:mysql:5.5.18:::::::*
cpe:2.3:a:oracle:mysql:5.5.15:::::::*
cpe:2.3:a:oracle:mysql:5.5.13:::::::*
cpe:2.3:a:oracle:mysql:5.5.12:::::::*
cpe:2.3:a:oracle:mysql:5.5.1:::::::*
cpe:2.3:a:oracle:mysql:5.5.4:::::::*
cpe:2.3:a:oracle:mysql:5.5.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql:5.1.52:::::::*
cpe:2.3:a:oracle:mysql:5.1.59:::::::*
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.34:::::::*
cpe:2.3:a:oracle:mysql:5.1.51:::::::*
cpe:2.3:a:oracle:mysql:5.1.60:::::::*
cpe:2.3:a:oracle:mysql:5.1.52:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.54:::::::*
cpe:2.3:a:oracle:mysql:5.1.53:::::::*
cpe:2.3:a:oracle:mysql:5.1.61:::::::*
cpe:2.3:a:oracle:mysql:5.1.55:::::::*
cpe:2.3:a:oracle:mysql:5.1.57:::::::*
cpe:2.3:a:oracle:mysql:5.1.58:::::::*
cpe:2.3:a:mysql:mysql:5.1.37:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:oracle:mysql:5.1.56:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:oracle:mysql:5.1.39:::::::*
cpe:2.3:a:oracle:mysql:5.1.40:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.40:::::::*
cpe:2.3:a:oracle:mysql:5.1.41:::::::*
cpe:2.3:a:oracle:mysql:5.1.42:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.44:::::::*
cpe:2.3:a:oracle:mysql:5.1.45:::::::*
cpe:2.3:a:oracle:mysql:5.1.46:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.46:::::::*
cpe:2.3:a:oracle:mysql:5.1.47:::::::*
cpe:2.3:a:oracle:mysql:5.1.48:::::::*
cpe:2.3:a:oracle:mysql:5.1.49:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.49:::::::*
cpe:2.3:a:oracle:mysql:5.1.50:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.33:::::::*
cpe:2.3:a:oracle:mysql:5.1.35:::::::*
cpe:2.3:a:oracle:mysql:5.1.36:::::::*
cpe:2.3:a:oracle:mysql:5.1.38:::::::*
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.34:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.37:sp1::::::