Stack-Based Buffer Overflow in MySQL and MariaDB Affecting Multiple Versions
CVE-2012-5611

Currently unrated

Key Information:

Vendor

Mariadb

Status
Mariadb
Mysql
Vendor
CVE Published:
3 December 2012

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 66%

What is CVE-2012-5611?

A stack-based buffer overflow vulnerability exists in the acl_get function of MySQL and MariaDB, allowing remote authenticated users to execute arbitrary code. The issue arises when excessively long arguments are passed to the GRANT FILE command, which can lead to potential exploitation and unauthorized access to system resources.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-5611 - Proof of Concept

References

https://kb.askmonty.org/en/mariadb-5528a-release-notes/
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013...
vendor-advisoryx_refsource_SUSE
http://www.exploit-db.com/exploits/23075
exploitx_refsource_EXPLOIT-DB

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.