CVE-2008-0226 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
yassl	yassl	𝑥 ≤ 1.7.5
mysql	mysql	5.0.0
mysql	mysql	5.0.1
mysql	mysql	5.0.2
mysql	mysql	5.0.3
mysql	mysql	5.0.4
mysql	mysql	5.0.5
mysql	mysql	5.0.10
mysql	mysql	5.0.15
mysql	mysql	5.0.16
mysql	mysql	5.0.17
mysql	mysql	5.0.20
mysql	mysql	5.0.24
mysql	mysql	5.0.30
mysql	mysql	5.0.36
mysql	mysql	5.0.44
mysql	mysql	5.0.54
mysql	mysql	5.0.56
mysql	mysql	5.0.60
mysql	mysql	5.0.66
mysql	mysql	5.1.5
oracle	mysql	5.0.23
oracle	mysql	5.0.25
oracle	mysql	5.0.26
oracle	mysql	5.0.28
oracle	mysql	5.0.30:sp1
oracle	mysql	5.0.32
oracle	mysql	5.0.34
oracle	mysql	5.0.36:sp1
oracle	mysql	5.0.38
oracle	mysql	5.0.40
oracle	mysql	5.0.41
oracle	mysql	5.0.42
oracle	mysql	5.0.44:sp1
oracle	mysql	5.0.45
oracle	mysql	5.0.46
oracle	mysql	5.0.48
oracle	mysql	5.0.50
oracle	mysql	5.0.50:sp1
oracle	mysql	5.0.51
oracle	mysql	5.0.52
oracle	mysql	5.0.56:sp1
oracle	mysql	5.0.58
oracle	mysql	5.0.60:sp1
oracle	mysql	5.0.62
oracle	mysql	5.0.64
oracle	mysql	5.0.66:sp1
oracle	mysql	5.1
oracle	mysql	5.1.1
oracle	mysql	5.1.2
oracle	mysql	5.1.3
oracle	mysql	5.1.4
oracle	mysql	5.1.6
oracle	mysql	5.1.7
oracle	mysql	5.1.8
oracle	mysql	5.1.9
oracle	mysql	5.1.10
oracle	mysql	5.1.11
oracle	mysql	5.1.12
oracle	mysql	5.1.13
oracle	mysql	5.1.14
oracle	mysql	5.1.15
oracle	mysql	5.1.16
oracle	mysql	5.1.17
oracle	mysql	5.1.18
oracle	mysql	5.1.19
oracle	mysql	5.1.20
oracle	mysql	5.1.21
oracle	mysql	5.1.22
apple	mac_os_x	10.5.4
debian	debian_linux	5.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	6.10
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mysql-dfsg-4.1

dapper	ignored
edgy	ignored
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

mysql-dfsg-5.0

dapper	Fixed 5.0.22-0ubuntu6.06.8 released
edgy	Fixed 5.0.24a-9ubuntu2.4 released
feisty	Fixed 5.0.38-0ubuntu1.4 released
gutsy	Fixed 5.0.45-1ubuntu3.3 released
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://bugs.mysql.com/33814

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://secunia.com/advisories/28324

http://secunia.com/advisories/28419

http://secunia.com/advisories/28597

http://secunia.com/advisories/29443

http://secunia.com/advisories/32222

http://securityreason.com/securityalert/3531

http://support.apple.com/kb/HT3216

http://www.debian.org/security/2008/dsa-1478

http://www.mandriva.com/security/advisories?name=MDVSA-2008:150

http://www.securityfocus.com/archive/1/485810/100/0/threaded

http://www.securityfocus.com/archive/1/485811/100/0/threaded

http://www.securityfocus.com/bid/27140

http://www.securityfocus.com/bid/31681

http://www.ubuntu.com/usn/usn-588-1

http://www.vupen.com/english/advisories/2008/0560/references

http://www.vupen.com/english/advisories/2008/2780

https://exchange.xforce.ibmcloud.com/vulnerabilities/39429

https://exchange.xforce.ibmcloud.com/vulnerabilities/39431

http://bugs.mysql.com/33814

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://secunia.com/advisories/28324

http://secunia.com/advisories/28419

http://secunia.com/advisories/28597

http://secunia.com/advisories/29443

http://secunia.com/advisories/32222

http://securityreason.com/securityalert/3531

http://support.apple.com/kb/HT3216

http://www.debian.org/security/2008/dsa-1478

http://www.mandriva.com/security/advisories?name=MDVSA-2008:150

http://www.securityfocus.com/archive/1/485810/100/0/threaded

http://www.securityfocus.com/archive/1/485811/100/0/threaded

http://www.securityfocus.com/bid/27140

http://www.securityfocus.com/bid/31681

http://www.ubuntu.com/usn/usn-588-1

http://www.vupen.com/english/advisories/2008/0560/references

http://www.vupen.com/english/advisories/2008/2780

https://exchange.xforce.ibmcloud.com/vulnerabilities/39429

https://exchange.xforce.ibmcloud.com/vulnerabilities/39431