CVE-2012-2122
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.058
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| MySQL database (USN-1467-1) mysql-server-5.5_5.5.46-0ubuntu0.12.04.2_i386.deb | Linux |
| MySQL database (USN-1467-1) mysql-server-5.5_5.5.46-0ubuntu0.12.04.2_amd64.deb | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-5.0.95-5.el5_9.i386.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-5.0.95-5.el5_9.x86_64.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-bench-5.0.95-5.el5_9.i386.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-bench-5.0.95-5.el5_9.x86_64.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-devel-5.0.95-5.el5_9.i386.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-devel-5.0.95-5.el5_9.x86_64.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-server-5.0.95-5.el5_9.i386.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-server-5.0.95-5.el5_9.x86_64.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-test-5.0.95-5.el5_9.i386.rpm | Linux |
| (RHSA-2013:0180) Important: mysql security update mysql-test-5.0.95-5.el5_9.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234