CVE-2012-5612

CVSS V2 Medium 6.5 CVSS V3 None
Description
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Overview
  • CVE ID
  • CVE-2012-5612
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2012-12-03T12:49:43
  • Last Modified Date
  • 2022-07-20T16:24:52
Weakness Enumerations
CWE URL
CWE-787 http://cwe.mitre.org/data/definitions/787.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* 1 OR 5.1.0 5.1.67
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* 1 OR 5.2.0 5.2.14
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* 1 OR 5.3.0 5.3.12
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* 1 OR 5.5.0 5.5.29
cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* 1 OR 5.5.0 5.5.28
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2012/12/02/4
http://www.exploit-db.com/exploits/23076 Exploit
http://seclists.org/fulldisclosure/2012/Dec/5 Exploit
https://mariadb.atlassian.net/browse/MDEV-3908 Exploit Patch
http://www.openwall.com/lists/oss-security/2012/12/02/3
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
http://www.ubuntu.com/usn/USN-1703-1
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
http://secunia.com/advisories/53372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-5612
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612
History
Created Old Value New Value Data Type Notes
2022-05-10 08:31:18 Added to TrackCVE