CVE-2012-5611 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
mariadb	mariadb	5.1.41
mariadb	mariadb	5.1.42
mariadb	mariadb	5.1.44
mariadb	mariadb	5.1.47
mariadb	mariadb	5.1.49
mariadb	mariadb	5.1.50
mariadb	mariadb	5.1.51
mariadb	mariadb	5.1.53
mariadb	mariadb	5.1.55
mariadb	mariadb	5.1.60
mariadb	mariadb	5.1.61
mariadb	mariadb	5.1.62
mariadb	mariadb	5.2.0
mariadb	mariadb	5.2.1
mariadb	mariadb	5.2.2
mariadb	mariadb	5.2.3
mariadb	mariadb	5.2.4
mariadb	mariadb	5.2.5
mariadb	mariadb	5.2.6
mariadb	mariadb	5.2.7
mariadb	mariadb	5.2.8
mariadb	mariadb	5.2.9
mariadb	mariadb	5.2.10
mariadb	mariadb	5.2.11
mariadb	mariadb	5.2.12
mariadb	mariadb	5.3.0
mariadb	mariadb	5.3.1
mariadb	mariadb	5.3.2
mariadb	mariadb	5.3.3
mariadb	mariadb	5.3.4
mariadb	mariadb	5.3.5
mariadb	mariadb	5.3.6
mariadb	mariadb	5.3.7
mariadb	mariadb	5.3.8
mariadb	mariadb	5.3.9
mariadb	mariadb	5.3.10
mariadb	mariadb	5.5.20
mariadb	mariadb	5.5.21
mariadb	mariadb	5.5.22
mariadb	mariadb	5.5.23
mariadb	mariadb	5.5.24
mariadb	mariadb	5.5.25
mariadb	mariadb	5.5.27
mariadb	mariadb	5.5.28
oracle	mysql	5.1.53
oracle	mysql	5.5.19

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mysql-5.1

hardy	dne
lucid	dne
oneiric	Fixed 5.1.66-0ubuntu0.11.10.3 released
precise	dne
quantal	dne

mysql-5.5

hardy	dne
lucid	dne
oneiric	dne
precise	Fixed 5.5.28-0ubuntu0.12.04.3 released
quantal	Fixed 5.5.28-0ubuntu0.12.10.2 released

mysql-dfsg-5.1

hardy	dne
lucid	Fixed 5.1.66-0ubuntu0.10.04.3 released
oneiric	dne
precise	dne
quantal	dne

openSUSE / SLES Releases

openSUSE Product

Release

libmariadbd104-devel

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

libmariadbd19

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

libmysqld-devel

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

libmysqld19

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-client

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-errormessages

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb-tools

suse enterprise sap 15	10.2.15-1.3 fixed
suse enterprise sap 15 SP1	10.2.22-3.14.1 fixed
suse enterprise server 15	10.2.15-1.3 fixed
suse enterprise server 15 SP1	10.2.22-3.14.1 fixed

mariadb104

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-bench

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-client

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-errormessages

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-galera

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-rpm-macros

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-test

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

mariadb104-tools

suse enterprise server 15 SP1

10.4.30-150100.3.5.10

fixed

python3-mysqlclient

suse enterprise server 15 SP1

1.4.6-150100.3.3.7

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

mysql

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-bench

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-devel

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-embedded

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-embedded-devel

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-libs

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-server

RHEL 6

0:5.1.66-2.el6_3

fixed

mysql-test

RHEL 6

0:5.1.66-2.el6_3

fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1551.html

http://rhn.redhat.com/errata/RHSA-2013-0180.html

http://seclists.org/fulldisclosure/2012/Dec/4

http://secunia.com/advisories/51443

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.debian.org/security/2012/dsa-2581

http://www.exploit-db.com/exploits/23075

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

http://www.ubuntu.com/usn/USN-1658-1

http://www.ubuntu.com/usn/USN-1703-1

https://kb.askmonty.org/en/mariadb-5166-release-notes/

https://kb.askmonty.org/en/mariadb-5213-release-notes/

https://kb.askmonty.org/en/mariadb-5311-release-notes/

https://kb.askmonty.org/en/mariadb-5528a-release-notes/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1551.html

http://rhn.redhat.com/errata/RHSA-2013-0180.html

http://seclists.org/fulldisclosure/2012/Dec/4

http://secunia.com/advisories/51443

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.debian.org/security/2012/dsa-2581

http://www.exploit-db.com/exploits/23075

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2012/12/02/3

http://www.openwall.com/lists/oss-security/2012/12/02/4

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

http://www.ubuntu.com/usn/USN-1658-1

http://www.ubuntu.com/usn/USN-1703-1

https://kb.askmonty.org/en/mariadb-5166-release-notes/

https://kb.askmonty.org/en/mariadb-5213-release-notes/

https://kb.askmonty.org/en/mariadb-5311-release-notes/

https://kb.askmonty.org/en/mariadb-5528a-release-notes/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395