CVE - CVE-2012-5612

CVE-ID
CVE-2012-5612	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html CONFIRM:https://mariadb.atlassian.net/browse/MDEV-3908 EXPLOIT-DB:23076 URL:http://www.exploit-db.com/exploits/23076 FULLDISC:20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday URL:http://seclists.org/fulldisclosure/2012/Dec/5 GENTOO:GLSA-201308-06 URL:http://security.gentoo.org/glsa/glsa-201308-06.xml MANDRIVA:MDVSA-2013:102 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:102~~ (Obsolete source) MANDRIVA:MDVSA-2013:150 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:150~~ (Obsolete source) MLIST:[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday URL:http://www.openwall.com/lists/oss-security/2012/12/02/3 MLIST:[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday URL:http://www.openwall.com/lists/oss-security/2012/12/02/4 OVAL:oval:org.mitre.oval:def:16960 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960 SECUNIA:53372 URL:http://secunia.com/advisories/53372 SUSE:SUSE-SU-2013:0262 URL:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html UBUNTU:USN-1703-1 URL:http://www.ubuntu.com/usn/USN-1703-1
Assigning CNA
Red Hat, Inc.
Date Record Created
20121024	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20121024)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)