Description

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Remediation

References

CVE-2010-3837

Related Vulnerabilities

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)

ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-1301)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-20187)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16993)

Severity

Medium

Classification

CVE-2010-3837

Tags

Missing Update Known Vulnerabilities