Description

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Remediation

References

CVE-2010-3838

Related Vulnerabilities

IBM WebSEAL Improper Certificate Validation Vulnerability (CVE-2019-4150)

WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5)

Oracle Database Server CVE-2010-0866 Vulnerability (CVE-2010-0866)

MySQL CVE-2020-2923 Vulnerability (CVE-2020-2923)

WordPress Plugin Widget for Facebook Page Feeds Cross-Site Scripting (5.0)

Severity

Medium

Classification

CVE-2010-3838

Tags

Missing Update Known Vulnerabilities