Unrated severityNVD Advisory· Published Dec 3, 2012· Updated Apr 29, 2026

CVE-2012-5612

Description

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Affected products

MariaDB/MariaDB2 versions
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*range: >=5.1.0,<5.1.67
- cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*
Oracle Corporation/MySQL
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Range: >=5.5.0,<=5.5.28
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
SUSE S.A./Linux Enterprise Software Development Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2012/Dec/5nvdExploitMailing ListThird Party Advisory
www.exploit-db.com/exploits/23076nvdExploitThird Party AdvisoryVDB Entry
mariadb.atlassian.net/browse/MDEV-3908nvdBroken LinkExploitPatch
lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.htmlnvdMailing ListThird Party Advisory
security.gentoo.org/glsa/glsa-201308-06.xmlnvdThird Party Advisory
www.openwall.com/lists/oss-security/2012/12/02/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2012/12/02/4nvdMailing ListThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujan2013-1515902.htmlnvdVendor Advisory
www.ubuntu.com/usn/USN-1703-1nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16960nvdThird Party Advisory
secunia.com/advisories/53372nvdNot Applicable
www.mandriva.com/security/advisoriesnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.053
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000