← volver
CVE-2008-0227

CVE-2008-0227

EPSS 2.5%
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://bugs.mysql.com/33814http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://secunia.com/advisories/28324http://secunia.com/advisories/28597http://secunia.com/advisories/29443http://secunia.com/advisories/32222http://securityreason.com/securityalert/3531https://exchange.xforce.ibmcloud.com/vulnerabilities/39433http://support.apple.com/kb/HT3216http://www.debian.org/security/2008/dsa-1478http://www.mandriva.com/security/advisories?name=MDVSA-2008:150