sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Use CWE-287, Oracle vendor hub and MySQL product page to widen CVE-2012-2122 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-21964, CVE-2025-50102 and CVE-2025-50101 for nearby disclosures in the same product family.
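The improperly-checked return value in the description above can be pictured as an `int` comparison result being narrowed to a one-byte boolean. The following sketch is an added example, not code from MySQL or MariaDB. All names, the one-byte return type and the token length are assumptions made for illustration. It puts the flawed check beside a normalized one and counts how many non-zero results the flawed check treats as a match.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 20                 /* constructed token length for this sketch */
typedef unsigned char byte_bool;     /* hypothetical one-byte boolean type */

/* Flawed pattern: only the low byte of the comparison result survives,
   so a non-zero result such as 256 is reported as 0 ("no mismatch"). */
static byte_bool mismatch_narrowed(int cmp)
{
    return (byte_bool)cmp;
}

/* Corrected pattern: collapse the result to 0 or 1 before narrowing. */
static byte_bool mismatch_normalized(int cmp)
{
    return (byte_bool)(cmp != 0);
}

/* Count non-zero results in [lo, hi] that the flawed check accepts. */
static int count_false_matches(int lo, int hi)
{
    int n = 0;
    for (int r = lo; r <= hi; r++)
        if (r != 0 && mismatch_narrowed(r) == 0)
            n++;
    return n;
}

/* How a caller should test two tokens for equality. */
static int tokens_equal(const unsigned char *a, const unsigned char *b)
{
    return !mismatch_normalized(memcmp(a, b, TOKEN_LEN));
}

int main(void)
{
    /* 256 is a constructed stand-in for a memcmp result whose low byte is 0. */
    printf("narrowed(256)   = %d\n", mismatch_narrowed(256));
    printf("normalized(256) = %d\n", mismatch_normalized(256));
    printf("false matches in [-32768, 32767]: %d\n",
           count_false_matches(-32768, 32767));
    return 0;
}
```

The C standard only guarantees the sign of `memcmp`'s result, which is why the check must not depend on its magnitude.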