CVE-2008-0227
CVE-2008-0227
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.mysql.com/33814http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://secunia.com/advisories/28324http://secunia.com/advisories/28597http://secunia.com/advisories/29443http://secunia.com/advisories/32222http://securityreason.com/securityalert/3531https://exchange.xforce.ibmcloud.com/vulnerabilities/39433http://support.apple.com/kb/HT3216http://www.debian.org/security/2008/dsa-1478http://www.mandriva.com/security/advisories?name=MDVSA-2008:150