CVE-2012-5612

 

Published at: - 03-12-2012 01:49

Last modified: - 20-07-2022 06:24

Total changes: - 3

Description

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:P/A:P

 

Verification logic

 

Reference

• [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday-Mailing List, Third Party Advisory
• 23076-Exploit, Third Party Advisory, VDB Entry
• 20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday-Exploit, Mailing List, Third Party Advisory
• https://mariadb.atlassian.net/browse/MDEV-3908
• [oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday-Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
• USN-1703-1-Third Party Advisory
• SUSE-SU-2013:0262-Mailing List, Third Party Advisory
• MDVSA-2013:150-Broken Link
• GLSA-201308-06-Third Party Advisory
• MDVSA-2013:102-Broken Link
• 53372-Not Applicable
• oval:org.mitre.oval:def:16960-Third Party Advisory

 

Keywords

NVD

 

CVE-2012-5612

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures