CVE-2008-0227
Published: 10 January 2008
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Notes
Author | Note |
---|---|
jdstrand | dapper not affected (yassl not compiled) |
Priority
Status
Package | Release | Status |
---|---|---|
mysql-dfsg-4.1 (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
mysql-dfsg-4.1 | edgy | Ignored (end of life, was needed) |
mysql-dfsg-4.1 | feisty | Does not exist |
mysql-dfsg-4.1 | gutsy | Does not exist |
mysql-dfsg-4.1 | hardy | Does not exist |
mysql-dfsg-4.1 | intrepid | Does not exist |
mysql-dfsg-4.1 | jaunty | Does not exist |
mysql-dfsg-4.1 | karmic | Does not exist |
mysql-dfsg-4.1 | upstream | Needs triage |
mysql-dfsg-5.0 (Launchpad, Ubuntu, Debian) | dapper | Released (5.0.22-0ubuntu6.06.8) |
mysql-dfsg-5.0 | edgy | Released (5.0.24a-9ubuntu2.4) |
mysql-dfsg-5.0 | feisty | Released (5.0.38-0ubuntu1.4) |
mysql-dfsg-5.0 | gutsy | Released (5.0.45-1ubuntu3.3) |
mysql-dfsg-5.0 | hardy | Not vulnerable (5.0.51a-1ubuntu1) |
mysql-dfsg-5.0 | intrepid | Not vulnerable (5.0.51a-1ubuntu1) |
mysql-dfsg-5.0 | jaunty | Not vulnerable (5.0.51a-1ubuntu1) |
mysql-dfsg-5.0 | karmic | Not vulnerable (5.0.51a-1ubuntu1) |
mysql-dfsg-5.0 | upstream | Needed |

Patches: vendor: http://www.debian.org/security/2008/dsa-1478