Description

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Remediation

References

CVE-2010-3835

Related Vulnerabilities

LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000659)

Oracle JRE CVE-2019-2999 Vulnerability (CVE-2019-2999)

WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)

WordPress Plugin Check & Log Email Cross-Site Scripting (1.0.3)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3659)

Severity

Medium

Classification

CVE-2010-3835

Tags

Missing Update Known Vulnerabilities