What is CVE-2012-5612?

CVE-2012-5612 is a vulnerability in Mariadb, classified under Out-of-bounds Write. Published 2012-12-03.

Is CVE-2012-5612 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Mariadb

CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly…

Vulnerability class: Buffer Overflow

EPSS: 0.668 (98.6th percentile) — read the EPSS interpretation.

Affected products

Mariadb — versions 10.0.0
Oracle Mysql
Canonical Ubuntu_linux — versions 10.04, 11.10, 12.04
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_server — versions 11
Suse Linux_enterprise_software_development_kit — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

23076 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
USN-1703-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
MDVSA-2013:102 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
53372 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
GLSA-201308-06 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
SUSE-SU-2013:0262 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2012-5612?: CVE-2012-5612 is a vulnerability in Mariadb, classified under Out-of-bounds Write. Published 2012-12-03.
Is CVE-2012-5612 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.