Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0226Improper Restriction of Operations within the Bounds of a Memory Buffer in Yassl

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
7.5HIGHNVD
EPSS
92.2%
top 0.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
YasslApple MAC OS XCanonical Ubuntu Linux+3 more
Timeline
PublishedJan 10
Latest updateMay 1

Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDyassl/yassl1.7.5
NVDmysql/mysql20 versions+19
NVDoracle/mysql47 versions+46
NVDapple/mac_os_x10.5.4

Also affects: Debian Linux 5.0, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

🔴Vulnerability Details

1
GHSA
GHSA-62p8-jm49-f9f2: Multiple buffer overflows in yaSSL 12022-05-01

💥Exploits & PoCs

4
Exploit-DB
MySQL yaSSL (Linux) - SSL Hello Message Buffer Overflow (Metasploit)2010-05-09
Exploit-DB
MySQL yaSSL (Windows) - SSL Hello Message Buffer Overflow (Metasploit)2010-05-09
Exploit-DB
MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow (Metasploit)2008-01-04
Metasploit
MySQL yaSSL SSL Hello Message Buffer Overflow

📋Vendor Advisories

3
Ubuntu
MySQL regression2008-04-02
Ubuntu
MySQL vulnerabilities2008-03-19
Red Hat
CVE-2008-0226: Multiple buffer overflows in yaSSL 1
CVE-2008-0226 — Yassl vulnerability | cvebase