VDB

CVE-2009-4484

CVE-2009-4484 PUBLISHED KEV CVSS 7.5 HIGH

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

EPSS 75.82% · 98.9th percentile

Risk Scores

CVSS v2.0
7.5
EPSS Score
75.82%
98.9th percentile

Affected Products

VendorProductVersions
oraclemysql5.0.0, 5.0.0, 5.1.0
mariadbmariadb5.1
debiandebian_linux4.0, 5.0, 6.0
wolfsslyassl0
canonicalubuntu_linux9.04, 8.04, 6.06
n/an/a*

Timeline

  • Dec 30, 2009 CVE Published
  • Apr 30, 2010 PoC Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 2, 2022 CVE Updated
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 17, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Apr 1, 2023 EPSS Score
  • May 24, 2023 EPSS Score

References

…and 17 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›