CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Details Source

Mitre

Public Date

2012-12-01 00:00:00

Impact

Important

Bugzilla

CVE-2012-5612 mysql: MDL subsystem heap-based buffer overflow

Bugzilla ID

882 600

CVSS Status

draft

Base Score

6.50

Base Metrics

AV:N/AC:L/Au:S/C:P/I:P/A:P

External References

https://mariadb.atlassian.net/browse/MDEV-3908

CWE

CWE-122

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | mysql | Not affected
Red Hat Enterprise Linux 5 | mysql | Not affected