Description

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Remediation

References

CVE-2012-5611

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2010-2939)

Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)

Joomla Other Vulnerability (CVE-2006-1029)

Drupal Deserialization of Untrusted Data Vulnerability (CVE-2019-6338)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7833)

Severity

Medium

Classification

CVE-2012-5611 CWE-119

Tags

Missing Update Known Vulnerabilities