CVE-2008-0227

Priority
Low
Description
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,
allows remote attackers to cause a denial of service (crash) via a Hello
packet containing a large size value, which triggers a buffer over-read in
the HASHwithTransform::Update function in hash.cpp.
References
Bugs
Notes
jdstrand> dapper not affected (yassl not compiled)
Assigned-to
jdstrand
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): not-affected (5.0.51a-1ubuntu1)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (5.0.51a-1ubuntu1)
Patches:
Vendor: http://www.debian.org/security/2008/dsa-1478
More Information

Updated: 2012-06-01 15:18:31 UTC (commit 5347)