CVE-2008-0227

Published: 10 January 2008

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

Notes

Author: jdstrand
Note: dapper not affected (yassl not compiled)

Priority

Low

Status

Package: mysql-dfsg-4.1 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (reached end-of-life)
edgy       Needed (reached end-of-life)
feisty     Does not exist
gutsy      Does not exist
hardy      Does not exist
intrepid   Does not exist
jaunty     Does not exist
karmic     Does not exist
upstream   Needs triage

Package: mysql-dfsg-5.0 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Released (5.0.22-0ubuntu6.06.8)
edgy       Released (5.0.24a-9ubuntu2.4)
feisty     Released (5.0.38-0ubuntu1.4)
gutsy      Released (5.0.45-1ubuntu3.3)
hardy      Not vulnerable (5.0.51a-1ubuntu1)
intrepid   Not vulnerable (5.0.51a-1ubuntu1)
jaunty     Not vulnerable (5.0.51a-1ubuntu1)
karmic     Not vulnerable (5.0.51a-1ubuntu1)
upstream   Needed

Patches:
vendor: http://www.debian.org/security/2008/dsa-1478