CVE-2008-0226

| Field | Value |
|---|---|
| Name | CVE-2008-0226 |
| Description | Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. |
| Source | CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more) |
| References | DSA-1478-1 |
| NVD severity | high (attack range: remote) |
| Debian Bugs | 460873 |
| Debian/oldoldstable | not known to be vulnerable. |
| Debian/oldstable | not known to be vulnerable. |
| Debian/stable | not known to be vulnerable. |
| Debian/testing | not known to be vulnerable. |
| Debian/unstable | not known to be vulnerable. |

The information below is based on the following data on fixed versions.

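| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cyassl | source | (unstable) | (not affected) | | | |
| mysql-dfsg-4.1 | source | (unstable) | (unfixed) | high | | |
| mysql-dfsg-5.0 | source | (unstable) | 5.0.51-3 | medium | | 460873 |
| mysql-dfsg-5.0 | source | etch | 5.0.32-7etch5 | high | DSA-1478-1 | |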

Notes

- cyassl <not-affected> (Fixed before initial upload to archive)
