← Back

CVE-2012-5612

nvd nist
Published: Dec 3, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Affected (14)

Show all products
Mariadb: Mariadb · Oracle: Mysql · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux
Mariadb
1 product
Mariadb
Oracle
1 product
Mysql
Suse
3 products
Linux Enterprise Desktop
Linux Enterprise Server
Linux Enterprise Software Development Kit
Canonical
1 product
Ubuntu Linux
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Mariadb
Mariadb
From 5.1.0 to 5.1.67
Mariadb
From 5.2.0 to 5.2.14
Mariadb
From 5.3.0 to 5.3.12
Mariadb
From 5.5.0 to 5.5.29
Mariadb
Version 10.0.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Mysql
From 5.5.0 to 5.5.28
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Linux Enterprise Desktop
Version 11 sp2
Suse
Linux Enterprise Server
Version 11 sp2
Linux Enterprise Server
Version 11 sp2
Linux Enterprise Software Development Kit
Version 11 sp2
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 11.10
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 12.10

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (26)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
ExploitMailing ListThird Party Advisory
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
ExploitThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken LinkExploitPatch
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.