CVE-2012-5612

Published: 03/12/2012 Updated: 20/07/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions up to and including 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Vulnerable Product

mariadb mariadb 10.0.0

mariadb mariadb

oracle mysql

suse linux enterprise desktop 11

suse linux enterprise server 11

suse linux enterprise software development kit 11

canonical ubuntu linux 11.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #695001
mysql-5.5: New MySQL issues
Package: mysql-5.5; Maintainer for mysql-5.5 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 3 Dec 2012 07:54:02 UTC
Severity: grave
Tags: security
Fixed in version mysql-5 ...

Exploits

# MySQL Heap Overrun
# tested for the latest version of mysql server on a SuSE Linux system
#
# As seen below $edx and $edi are fully controlled,
# the current instruction is
# => 0x83a6b24 <free_root+180>: mov (%edx),%edi
# this means we landed in a place where 4 bytes can be controlled by 4 bytes
# with this function pointers and GO ...

Github Repositories

NSX-T IDS with Network Container Plugin. The repository contains the Kubernetes manifests for the deployment of an old Drupal (7.0), PHP (5.6), MySQL (5.0) setup. Drupal 7.0 container image is built from the provided Dockerfile. There are some CVEs that will trigger alarms on the IDS: MySQL DELETE tbl_name heap buffer overflow (CVE-2012-5612), Drupal 7 Preauth SQL Injection (CVE