Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/56607?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56607?format=api", "vulnerability_id": "VCID-d4r8-e34r-pfge", "summary": "Multiple vulnerabilities were found in MySQL, some of which may\n allow execution of arbitrary code.", "aliases": [ { "alias": "CVE-2009-4484" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83122?format=api", "purl": "pkg:ebuild/dev-db/mysql@5.1.56", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/mysql@5.1.56" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4484.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98903", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98906", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", 
"scoring_elements": "0.98911", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98915", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.75816", "scoring_system": "epss", "scoring_elements": "0.98926", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=555313", "reference_id": "555313", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555313" }, { "reference_url": "http://secunia.com/advisories/38344/", "reference_id": "CVE-2009-4484;OSVDB-61956", "reference_type": "exploit", "scores": [], "url": "http://secunia.com/advisories/38344/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16850.rb", "reference_id": "CVE-2009-4484;OSVDB-61956", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16850.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201201-02", "reference_id": "GLSA-201201-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-02" }, { "reference_url": "https://usn.ubuntu.com/1397-1/", "reference_id": "USN-1397-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1397-1/" }, { "reference_url": "https://usn.ubuntu.com/897-1/", "reference_id": "USN-897-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/897-1/" } ], "weaknesses": [ { "cwe_id": 228, "name": "Improper Handling of Syntactically Invalid Structure", "description": "The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification." }, { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." } ], "exploits": [ { "date_added": "2010-04-30", "description": "MySQL - yaSSL CertDecoder::GetName Buffer Overflow (Metasploit)", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2010-04-30", "exploit_type": "remote", "platform": "linux", "source_date_updated": "2011-03-06", "data_source": "Exploit-DB", "source_url": "http://secunia.com/advisories/38344/" }, { "date_added": null, "description": "This module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier)\n implementation bundled with MySQL. By sending a specially crafted\n client certificate, an attacker can execute arbitrary code.\n\n This vulnerability is present within the CertDecoder::GetName function inside\n \"taocrypt/src/asn.cpp\". However, the stack buffer that is written to exists\n within a parent function's stack frame.\n\n NOTE: This vulnerability requires a non-default configuration. First, the attacker\n must be able to pass the host-based authentication. Next, the server must be\n configured to listen on an accessible network interface. Lastly, the server\n must have been manually configured to use SSL.\n\n The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. 
During testing\n on Windows XP SP3, these protections successfully prevented exploitation.\n\n Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is\n present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary\n package were not exploitable due to the use of the compiler's FORTIFY feature.\n\n Although suse11 was mentioned in the original blog post, the binary package they\n provide does not contain yaSSL or support SSL.", "required_action": null, "due_date": null, "notes": "Reliability:\n - unknown-reliability\nStability:\n - unknown-stability\nSideEffects:\n - unknown-side-effects\n", "known_ransomware_campaign_use": false, "source_date_published": "2010-01-25", "exploit_type": null, "platform": "Linux", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/mysql/mysql_yassl_getname.rb" } ], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4r8-e34r-pfge" }