Description

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.

Remediation

References

CVE-2012-5614

Related Vulnerabilities

Moodle Improper Input Validation Vulnerability (CVE-2021-3943)

WordPress Plugin DukaPress Directory Traversal (2.5.2)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24620)

WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)

Severity

Medium

Classification

CVE-2012-5614 CWE-20

Tags

Missing Update Known Vulnerabilities