Description
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)
MediaWiki CVE-2022-28209 Vulnerability (CVE-2022-28209)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.9)
ownCloud Other Vulnerability (CVE-2012-5609)
WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3)