Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-0226)

Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Remediation

References

Related Vulnerabilities

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20036)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6125)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25828)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5)

Severity

High

Classification

CVE-2008-0226 CWE-119

Tags

Missing Update Known Vulnerabilities