CVE-2012-0882

Publication date 21 December 2012

Last updated 4 August 2025

Ubuntu priority

Low

Why this priority?

Description

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Read the notes from the security team

Status

Package Ubuntu Release Status
mysql-5.5 12.04 LTS precise
Not affected
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes

jdstrand

supposedly pre-auth root remote 0-day. Due to lack of information setting priority to 'low' for now (there is nothing to be done). Report only mention 5.5.20 as affected, so due to lack of information, leaving other sources out for now.

mdeslaur

This is probably fixed with the yassl update that went into 5.1.62, 5.0.96 and 5.5.22

References

Other references