Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Remediation

References

CVE-2008-0226

Related Vulnerabilities

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5746)

WordPress Plugin WP Symposium Cross-Site Scripting (11.11.26)

Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)

Nexus Repository Manager Incorrect Default Permissions Vulnerability (CVE-2019-9630)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Severity

High

Classification

CVE-2008-0226 CWE-119

Tags

Missing Update Known Vulnerabilities