Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d4r8-e34r-pfge
Summary
Multiple vulnerabilities were found in MySQL, some of which may allow execution of arbitrary code.
Aliases
0
alias CVE-2009-4484
Fixed_packages
0
url pkg:ebuild/dev-db/mysql@5.1.56
purl pkg:ebuild/dev-db/mysql@5.1.56
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/mysql@5.1.56
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4484.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-4484
reference_id
reference_type
scores
0
value 0.75816
scoring_system epss
scoring_elements 0.989
published_at 2026-04-01T12:55:00Z
1
value 0.75816
scoring_system epss
scoring_elements 0.98901
published_at 2026-04-02T12:55:00Z
2
value 0.75816
scoring_system epss
scoring_elements 0.98903
published_at 2026-04-04T12:55:00Z
3
value 0.75816
scoring_system epss
scoring_elements 0.98904
published_at 2026-04-07T12:55:00Z
4
value 0.75816
scoring_system epss
scoring_elements 0.98906
published_at 2026-04-09T12:55:00Z
5
value 0.75816
scoring_system epss
scoring_elements 0.98907
published_at 2026-04-11T12:55:00Z
6
value 0.75816
scoring_system epss
scoring_elements 0.98908
published_at 2026-04-12T12:55:00Z
7
value 0.75816
scoring_system epss
scoring_elements 0.98909
published_at 2026-04-13T12:55:00Z
8
value 0.75816
scoring_system epss
scoring_elements 0.98911
published_at 2026-04-18T12:55:00Z
9
value 0.75816
scoring_system epss
scoring_elements 0.98915
published_at 2026-04-21T12:55:00Z
10
value 0.75816
scoring_system epss
scoring_elements 0.98919
published_at 2026-04-24T12:55:00Z
11
value 0.75816
scoring_system epss
scoring_elements 0.9892
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-4484
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=555313
reference_id 555313
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=555313
3
reference_url http://secunia.com/advisories/38344/
reference_id CVE-2009-4484;OSVDB-61956
reference_type exploit
scores
url http://secunia.com/advisories/38344/
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16850.rb
reference_id CVE-2009-4484;OSVDB-61956
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16850.rb
5
reference_url https://security.gentoo.org/glsa/201201-02
reference_id GLSA-201201-02
reference_type
scores
url https://security.gentoo.org/glsa/201201-02
6
reference_url https://usn.ubuntu.com/1397-1/
reference_id USN-1397-1
reference_type
scores
url https://usn.ubuntu.com/1397-1/
7
reference_url https://usn.ubuntu.com/897-1/
reference_id USN-897-1
reference_type
scores
url https://usn.ubuntu.com/897-1/
Weaknesses
0
cwe_id 228
name Improper Handling of Syntactically Invalid Structure
description The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
1
cwe_id 119
name Improper Restriction of Operations within the Bounds of a Memory Buffer
description The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Exploits
0
date_added 2010-04-30
description MySQL - yaSSL CertDecoder::GetName Buffer Overflow (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2010-04-30
exploit_type remote
platform linux
source_date_updated 2011-03-06
data_source Exploit-DB
source_url http://secunia.com/advisories/38344/
1
date_added null
description
This module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code.

This vulnerability is present within the CertDecoder::GetName function inside "taocrypt/src/asn.cpp". However, the stack buffer that is written to exists within a parent function's stack frame.

NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL.

The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation.

Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature.

Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2010-01-25
exploit_type null
platform Linux
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/mysql/mysql_yassl_getname.rb
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4r8-e34r-pfge