Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5612Out-of-bounds Write in Mariadb

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
66.8%
top 1.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
MariadbOracle MysqlCanonical Ubuntu Linux+3 more
Timeline
PublishedDec 3
Latest updateMay 17

Description

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE,

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages5 packages

NVDoracle/mysql5.5.05.5.28
NVDmariadb/mariadb5.1.05.1.67+4

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: mariadb.atlassian.netPatch: mariadb.atlassian.net

🔴Vulnerability Details

2
GHSA
GHSA-j274-98hw-37wv: Heap-based buffer overflow in Oracle MySQL 52022-05-17
CVEList
CVE-2012-5612: Heap-based buffer overflow in Oracle MySQL 52012-12-03

💥Exploits & PoCs

1
Exploit-DB
MySQL (Linux) - Heap Overrun (PoC)2012-12-02

📋Vendor Advisories

2
Ubuntu
MySQL vulnerabilities2013-01-22
Red Hat
mysql: MDL subsystem heap-based buffer overflow2012-12-01

💬Community

2
Bugzilla
mysql: Oracle CPU January 20132013-01-15
Bugzilla
CVE-2012-5612 mysql: MDL subsystem heap-based buffer overflow2012-12-02
CVE-2012-5612 — Out-of-bounds Write in Mariadb | cvebase