CVE-2008-0226

NameCVE-2008-0226
DescriptionMultiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1478-1
Debian Bugs460873

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cyasslsource(unstable)(not affected)
mysql-dfsg-4.1source(unstable)(unfixed)
mysql-dfsg-5.0sourceetch5.0.32-7etch5DSA-1478-1
mysql-dfsg-5.0source(unstable)5.0.51-3medium460873

Notes

- cyassl <not-affected> (Fixed before initial upload to archive)

Search for package or bug name: Reporting problems