CVE-2012-5612
Last modified
CVE-2012-5612 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.. EPSS estimates a 20.84% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mariadb | Mariadb | >= 5.1.0, < 5.1.67 | — |
| Mariadb | Mariadb | >= 5.2.0, < 5.2.14 | — |
| Mariadb | Mariadb | >= 5.3.0, < 5.3.12 | — |
| Mariadb | Mariadb | >= 5.5.0, < 5.5.29 | — |
| Mariadb | Mariadb | 10.0.0 | — |
| Oracle | Mysql | >= 5.5.0, <= 5.5.28 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp2 |
| Suse | Linux Enterprise Server | 11 | Sp2 |
| Suse | Linux Enterprise Software Development Kit | 11 | Sp2 |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 11.10 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 12.10 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlMailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2012/Dec/5Exploit, Mailing List, Third Party Advisory
- http://secunia.com/advisories/53372Not Applicable
- http://security.gentoo.org/glsa/glsa-201308-06.xmlThird Party Advisory
- http://www.exploit-db.com/exploits/23076Exploit, Third Party Advisory, VDB Entry
- http://www.openwall.com/lists/oss-security/2012/12/02/3Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/4Mailing List, Third Party Advisory
- http://www.ubuntu.com/usn/USN-1703-1Third Party Advisory
- https://mariadb.atlassian.net/browse/MDEV-3908Broken Link, Exploit, Patch
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlMailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2012/Dec/5Exploit, Mailing List, Third Party Advisory
- http://secunia.com/advisories/53372Not Applicable
- http://security.gentoo.org/glsa/glsa-201308-06.xmlThird Party Advisory
- http://www.exploit-db.com/exploits/23076Exploit, Third Party Advisory, VDB Entry
- http://www.openwall.com/lists/oss-security/2012/12/02/3Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2012/12/02/4Mailing List, Third Party Advisory
- http://www.ubuntu.com/usn/USN-1703-1Third Party Advisory
- https://mariadb.atlassian.net/browse/MDEV-3908Broken Link, Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5612?
How severe is CVE-2012-5612?
How do I fix CVE-2012-5612?
Are you affected by CVE-2012-5612?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST