CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Published: 2008-01-10 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2008-0226 is rated High Exploit Risk (80/100): CVSS severity is High and exploitation likelihood is high (EPSS 92.18%, 100th percentile). Core evidence: 3 public exploit references are indexed (Exploit-DB). Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-0226

EDB-ID Source Kind Published Link
16701 exploit_db edb 2010-05-09 Exploit-DB
16849 exploit_db edb 2010-05-09 Exploit-DB
9953 exploit_db edb 2008-01-04 Exploit-DB

Exploit prediction scoring system (EPSS) score for CVE-2008-0226

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (higher means a higher relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-02-04 92.11% 92.18% +0.07%
2 2025-12-28 90.43% 92.11% +1.68%
3 2025-12-27 90.43%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-0226

CVSS metrics for this CVE.

Base score: 7.5
Version: 2.0
Severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0
Impact: 6.4
Score source: [email protected]

Vector breakdown:

  • Access vector (AV:N): Exploitable remotely over the network.
  • Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
  • Authentication (Au:N): No authentication is required.
  • Confidentiality impact (C:P): Partial confidentiality impact.
  • Integrity impact (I:P): Partial integrity impact.
  • Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2008-0226

OS Trackers for CVE-2008-0226

  • redhat

    Link: https://access.redhat.com/security/cve/CVE-2008-0226

  • ubuntu

    Priority: medium
    Summary: CVE-2008-0226 medium priority: Ubuntu including 2 source packages (mysql-dfsg-4.1, mysql-dfsg-5.0), 18 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): DNE 6, not-affected 4, released 4, ignored 2, needs-triage 2.
    Link: https://ubuntu.com/security/CVE-2008-0226

Vendor comments (NVD) for CVE-2008-0226

  • Red Hat (2008-01-11T00:00:00)

    Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.

Affected software / configurations for CVE-2008-0226

Vendor Product Version Raw CPE
yassl yassl <= 1.7.5 cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*
mysql mysql 5.0.0 cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
mysql mysql 5.0.1 cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
mysql mysql 5.0.2 cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
mysql mysql 5.0.3 cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
mysql mysql 5.0.4 cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
mysql mysql 5.0.5 cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
mysql mysql 5.0.10 cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
mysql mysql 5.0.15 cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
mysql mysql 5.0.16 cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
mysql mysql 5.0.17 cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
mysql mysql 5.0.20 cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
mysql mysql 5.0.24 cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
mysql mysql 5.0.30 cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
mysql mysql 5.0.36 cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
mysql mysql 5.0.44 cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
mysql mysql 5.0.54 cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
mysql mysql 5.0.56 cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
mysql mysql 5.0.60 cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
mysql mysql 5.0.66 cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
mysql mysql 5.1.5 cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
oracle mysql 5.0.23 cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
oracle mysql 5.0.25 cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
oracle mysql 5.0.26 cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
oracle mysql 5.0.28 cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
oracle mysql 5.0.30 cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
oracle mysql 5.0.32 cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
oracle mysql 5.0.34 cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
oracle mysql 5.0.36 cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
oracle mysql 5.0.38 cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
oracle mysql 5.0.40 cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
oracle mysql 5.0.41 cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
oracle mysql 5.0.42 cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
oracle mysql 5.0.44 cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
oracle mysql 5.0.45 cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
oracle mysql 5.0.46 cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
oracle mysql 5.0.48 cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
oracle mysql 5.0.50 cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
oracle mysql 5.0.50 cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
oracle mysql 5.0.51 cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
oracle mysql 5.0.52 cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
oracle mysql 5.0.56 cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
oracle mysql 5.0.58 cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
oracle mysql 5.0.60 cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
oracle mysql 5.0.62 cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
oracle mysql 5.0.64 cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
oracle mysql 5.0.66 cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*
oracle mysql 5.1 cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
oracle mysql 5.1.1 cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
oracle mysql 5.1.2 cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
oracle mysql 5.1.3 cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
oracle mysql 5.1.4 cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
oracle mysql 5.1.6 cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
oracle mysql 5.1.7 cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
oracle mysql 5.1.8 cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
oracle mysql 5.1.9 cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
oracle mysql 5.1.10 cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
oracle mysql 5.1.11 cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
oracle mysql 5.1.12 cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
oracle mysql 5.1.13 cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
oracle mysql 5.1.14 cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
oracle mysql 5.1.15 cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
oracle mysql 5.1.16 cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
oracle mysql 5.1.17 cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
oracle mysql 5.1.18 cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
oracle mysql 5.1.19 cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
oracle mysql 5.1.20 cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
oracle mysql 5.1.21 cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
oracle mysql 5.1.22 cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
apple mac_os_x 10.5.4 cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
debian debian_linux 5.0 cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonical ubuntu_linux 6.10 cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
canonical ubuntu_linux 7.04 cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
canonical ubuntu_linux 7.10 cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

References for CVE-2008-0226

URL Tags
http://bugs.mysql.com/33814 Permissions Required
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html Not Applicable
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List Third Party Advisory
http://secunia.com/advisories/28324 Not Applicable
http://secunia.com/advisories/28419 Not Applicable
http://secunia.com/advisories/28597 Not Applicable
http://secunia.com/advisories/29443 Not Applicable
http://secunia.com/advisories/32222 Not Applicable
http://securityreason.com/securityalert/3531 Third Party Advisory
http://support.apple.com/kb/HT3216 Third Party Advisory
http://www.debian.org/security/2008/dsa-1478 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 Broken Link
http://www.securityfocus.com/archive/1/485810/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/485811/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/27140 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31681 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-588-1 Third Party Advisory
http://www.vupen.com/english/advisories/2008/0560/references Permissions Required
http://www.vupen.com/english/advisories/2008/2780 Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429 VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431 VDB Entry