Unrated severityNVD Advisory· Published Jun 26, 2012· Updated Jun 16, 2026
CVE-2012-2122
CVE-2012-2122
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
63cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*
- (no CPE)range: 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, 5.5.x before 5.5.23
cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*
- (no CPE)range: 5.1.x before 5.1.63, 5.5.x before 5.5.24, 5.6.x before 5.6.6
Patches
Vulnerability mechanics
References
11- seclists.org/oss-sec/2012/q2/493nvdPatch
- bugs.mysql.com/bug.phpnvdExploit
- www.securityfocus.com/bid/53911nvdExploit
- community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysqlnvdExploit
- secunia.com/advisories/49417nvdVendor Advisory
- kb.askmonty.org/en/mariadb-5162-release-notes/nvd
- lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.htmlnvd
- secunia.com/advisories/53372nvd
- security.gentoo.org/glsa/glsa-201308-06.xmlnvd
- securitytracker.com/idnvd
- www.exploit-db.com/exploits/19092nvd
News mentions
0No linked articles in our index yet.