Description
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
Remediation
References
Related Vulnerabilities
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2025-54905)
WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)
Oracle JRE CVE-2012-1717 Vulnerability (CVE-2012-1717)
WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)
Oracle Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1371)