Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5611: Improper Restriction of Operations within the Bounds of a Memory Buffer in MariaDB

Severity: 6.5 MEDIUM (NVD)
EPSS: 66.6% (top 1.46%)
CISA KEV: Not in KEV
Exploit: PoC available. Public exploit / PoC exists.
Affected products
Timeline
Published: Dec 3
Latest update: May 17

Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

NVD | oracle/mysql | 5.1.53, 5.5.19 (+1)
NVD | mariadb/mariadb | 44 versions (+43)

🔴 Vulnerability Details (1)

GHSA | GHSA-gcrp-g698-23xq: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5 | 2022-05-17

💥 Exploits & PoCs (1)

Exploit-DB | MySQL (Linux) - Stack Buffer Overrun (PoC) | 2012-12-02

📋 Vendor Advisories (3)

Ubuntu | MySQL vulnerabilities | 2013-01-22
Ubuntu | MySQL vulnerability | 2012-12-10
Red Hat | mysql: acl_get() stack-based buffer overflow | 2012-11-29

💬 Community (3)

Bugzilla | mysql: Oracle CPU January 2013 | 2013-01-15
Bugzilla | CVE-2012-5611 mysql: acl_get() stack-based buffer overflow [fedora-all] | 2012-12-05
Bugzilla | mysql: Stack-based buffer overflow | 2012-12-02