CVE-2008-0227

{"id": "CVE-2008-0227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-10T23:46:00.000", "references": [{"url": "http://bugs.mysql.com/33814", "source": "cve@mitre.org"}, {"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28324", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28597", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29443", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32222", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3531", "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3216", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1478", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27140", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31681", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-588-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0560/references", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39433", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp."}, {"lang": "es", "value": "yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un paquete Hello que contiene un valor de tama\u00f1o grande, lo cual provoca una sobre-lectura de b\u00fafer en la funci\u00f3n HASHwithTransform::Update en hash.cpp."}], "lastModified": "2018-10-15T21:58:42.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E11538C-D2F9-4D94-8C84-69BDC305D744", "versionEndIncluding": "1.7.5"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.", "lastModified": "2008-01-11T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}