CVE-2008-0226

NameCVE-2008-0226
DescriptionMultiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1478-1
NVD severityhigh (attack range: remote)
Debian Bugs460873

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cyasslsource(unstable)(not affected)
mysql-dfsg-4.1source(unstable)(unfixed)high
mysql-dfsg-5.0source(unstable)5.0.51-3medium460873
mysql-dfsg-5.0sourceetch5.0.32-7etch5highDSA-1478-1

Notes

- cyassl <not-affected> (Fixed before initial upload to archive)

Search for package or bug name: Reporting problems