{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"}, {"name": "openSUSE-SU-2013:0013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"}, {"name": "23075", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/23075"}, {"name": "USN-1703-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1703-1"}, {"name": "MDVSA-2013:102", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"}, {"name": "openSUSE-SU-2013:0156", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"}, {"name": "53372", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53372"}, {"name": "openSUSE-SU-2013:0135", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"}, {"name": "openSUSE-SU-2013:0011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"}, {"name": "RHSA-2013:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"}, {"name": "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2012/Dec/4"}, {"name": "GLSA-201308-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"name": "RHSA-2012:1551", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"}, {"name": "DSA-2581", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2581"}, {"name": "SUSE-SU-2013:0262", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"name": "openSUSE-SU-2013:0014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"}, {"name": "51443", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51443"}, {"name": "openSUSE-SU-2013:1412", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"}, {"name": "oval:org.mitre.oval:def:16395", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"}, {"name": "USN-1658-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1658-1"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5611", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/", "refsource": "CONFIRM", "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"}, {"name": "openSUSE-SU-2013:0013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"}, {"name": "23075", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/23075"}, {"name": "USN-1703-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1703-1"}, {"name": "MDVSA-2013:102", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"}, {"name": "openSUSE-SU-2013:0156", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"}, {"name": "53372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53372"}, {"name": "openSUSE-SU-2013:0135", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"}, {"name": "openSUSE-SU-2013:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"name": "https://kb.askmonty.org/en/mariadb-5166-release-notes/", "refsource": "CONFIRM", "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"}, {"name": "RHSA-2013:0180", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"}, {"name": "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Dec/4"}, {"name": "GLSA-201308-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"name": "RHSA-2012:1551", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"}, {"name": "DSA-2581", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2581"}, {"name": "SUSE-SU-2013:0262", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"name": "openSUSE-SU-2013:0014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"}, {"name": "51443", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51443"}, {"name": "openSUSE-SU-2013:1412", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"}, {"name": "https://kb.askmonty.org/en/mariadb-5311-release-notes/", "refsource": "CONFIRM", "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"}, {"name": "oval:org.mitre.oval:def:16395", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"}, {"name": "USN-1658-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1658-1"}, {"name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"name": "https://kb.askmonty.org/en/mariadb-5213-release-notes/", "refsource": "CONFIRM", "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.163Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"}, {"name": "openSUSE-SU-2013:0013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"}, {"name": "23075", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/23075"}, {"name": "USN-1703-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1703-1"}, {"name": "MDVSA-2013:102", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"}, {"name": "openSUSE-SU-2013:0156", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"}, {"name": "53372", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53372"}, {"name": "openSUSE-SU-2013:0135", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"}, {"name": "openSUSE-SU-2013:0011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"}, {"name": "RHSA-2013:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"}, {"name": "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2012/Dec/4"}, {"name": "GLSA-201308-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"name": "RHSA-2012:1551", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"}, {"name": "DSA-2581", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2581"}, {"name": "SUSE-SU-2013:0262", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"name": "openSUSE-SU-2013:0014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"}, {"name": "51443", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51443"}, {"name": "openSUSE-SU-2013:1412", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"}, {"name": "oval:org.mitre.oval:def:16395", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"}, {"name": "USN-1658-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1658-1"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5611", "datePublished": "2012-12-03T11:00:00.000Z", "dateReserved": "2012-10-24T00:00:00.000Z", "dateUpdated": "2024-08-06T21:14:16.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*", "matchCriteriaId": "86D9BEC1-F4C2-4BE6-A608-D8958A032972", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*", "matchCriteriaId": "77F04B12-6063-4BAB-A69B-F1F19CC3FFB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*", "matchCriteriaId": "8A77E458-3AE9-4B02-9A9F-A640DAE073B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*", "matchCriteriaId": "DF78DF61-E6C3-4E92-A8B9-843698D03D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*", "matchCriteriaId": "56F2A57F-2CDD-48F8-AC92-1E599875E704", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "4F2BAD43-DDF2-4830-A844-8A6F18EF98CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*", "matchCriteriaId": "FCB1ECEF-8420-41CF-9CFD-AD551BB04C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*", "matchCriteriaId": "B4C45914-1CB3-440F-AB7B-564B3A09D9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*", "matchCriteriaId": "581E047E-339B-4CB4-ADA9-AF25BE0345B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*", "matchCriteriaId": "C16A0D77-DA95-41D7-9BE2-7B306AF9FF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*", "matchCriteriaId": "B4BAE0F1-010D-47D8-B65E-335EF455C951", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.1.62:*:*:*:*:*:*:*", "matchCriteriaId": "91DD3FC9-2530-4BAA-929A-6D4E96868B74", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "552E49DC-80FD-4422-9341-44CE0C127027", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDEAEFC9-9C50-44F9-8D8C-FAC18F706DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "92BD73CE-88F8-4DF0-8293-FBE1FEC8BAB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B438CEA-C321-4B48-8610-9E0CABA7F9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "56C584AF-64B0-4DCB-9E36-E60170654D03", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DD15542-FBFB-4513-BC42-5EE63247313D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "98247C01-F906-426A-B5C6-5A3905B83027", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C92F3-D18F-47B8-A6D7-2DD210B0BC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "323BDFDE-FA24-4169-8BD4-C7978C4FDBBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "0FA479ED-0B6B-464A-B476-82C5C4E05D20", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF6DF6-DE51-49EA-B745-4EBC20814E6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "A8B00856-5DDC-415A-98AC-62736B9C2DA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "FC6B5FF9-7A46-46D9-BEA2-2146F958E6BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0122E5B-7EBF-431A-B144-45F945099FE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59BC8D7B-866E-42E5-9EF9-E8F487AE21C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A1982C3-4F1B-4B62-AB75-0FE88EA1BC33", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "49A3AD71-6E48-40CF-BA9D-75B6D8D02B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0CBE6FE-12C8-4E5E-990E-9E4859862A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "ACBBA64F-F39C-422A-9FDB-72372B6C4320", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "43121525-06CD-4C4A-A4C0-5AC26CDB275F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72855B60-229B-4AB9-9786-1EDDA8F16DAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "64040784-F6ED-4FC2-8D43-6DAB38770BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "A242B531-0936-4F67-8F07-245FE929F034", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9ABB8B61-273F-441A-98B3-56EF456EDF6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "F99E43D2-D49C-4990-B683-2E26D58DB816", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "C082352C-DFE1-461A-9803-C180021144A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "F49B9C56-71B4-4B1B-ABD8-CFE56A4F0816", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "FCA16095-E56A-4523-B738-2C4E86CEF603", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "917846BE-1D70-4121-8065-F97F3D710244", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "7140FE2C-C06C-4005-958C-B00D3CEC6333", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C9720-8FC9-4EF3-81C9-D84D6E6EA949", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:5.5.28:*:*:*:*:*:*:*", "matchCriteriaId": "813E44E5-8B9B-4FCA-86A2-4AA4135F9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*", "matchCriteriaId": "0E1B28CE-BFE1-4331-90F9-E6BA672BDAA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "77E105E9-FE65-4B75-9818-D3897294E941", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en MySQL v5.5.19, v5.1.53, y posiblemente otras versiones, y MariaDB v5.5.2.x antes de v5.5.28a, v5.3.x antes de v5.3.11, v5.2.x antes de v5.2.13 y v5.1.x antes de v5.1.66, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento largo en el comando GRANT FILE."}], "evaluatorComment": "per http://www.openwall.com/lists/oss-security/2012/12/02/3, this vulnerability is only on linux-based software installations", "id": "CVE-2012-5611", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-03T12:49:43.363", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2012/Dec/4"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51443"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/53372"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2581"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/23075"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1658-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1703-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2012/Dec/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/53372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/23075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1658-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1703-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0180", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "mysql-0:5.0.95-5.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-01-22T00:00:00Z"}, {"advisory": "RHSA-2012:1551", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "mysql-0:5.1.66-2.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-12-07T00:00:00Z"}], "bugzilla": {"description": "mysql: acl_get() stack-based buffer overflow", "id": "881064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=881064"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."], "name": "CVE-2012-5611", "public_date": "2012-11-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5611\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5611"], "threat_severity": "Important"}

{}