Unrated severityNVD Advisory· Published Jun 26, 2012· Updated Apr 29, 2026
CVE-2012-2122
CVE-2012-2122
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Affected products
61cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- seclists.org/oss-sec/2012/q2/493nvdPatch
- bugs.mysql.com/bug.phpnvdExploit
- www.securityfocus.com/bid/53911nvdExploit
- community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysqlnvdExploit
- secunia.com/advisories/49417nvdVendor Advisory
- kb.askmonty.org/en/mariadb-5162-release-notes/nvd
- lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.htmlnvd
- secunia.com/advisories/53372nvd
- security.gentoo.org/glsa/glsa-201308-06.xmlnvd
- securitytracker.com/idnvd
- www.exploit-db.com/exploits/19092nvd
News mentions
0No linked articles in our index yet.