Description

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Remediation

References

CVE-2010-3835

Related Vulnerabilities

WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3271)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27)

WordPress Plugin Spectra-WordPress Gutenberg Blocks Cross-Site Scripting (1.25.5)

Oracle JRE CVE-2023-21954 Vulnerability (CVE-2023-21954)

Severity

Medium

Classification

CVE-2010-3835

Tags

Missing Update Known Vulnerabilities