sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and in MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, is affected when running in certain environments with certain implementations of the memcmp function.
Impact
This issue may allow remote attackers to bypass authentication by repeatedly attempting to authenticate with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly checked return value.
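
One way such a return-value check goes wrong, shown as an added example (this is not MySQL or MariaDB source code): memcmp returns an int whose sign is all the C standard specifies, and narrowing that int to an 8-bit type before testing it can turn a nonzero "mismatch" into zero. The names bool8, wide_memcmp and the token_mismatch_* functions, and the token bytes, are constructed for illustration.

```c
#include <stddef.h>

typedef unsigned char bool8;   /* hypothetical 8-bit boolean type */

/* Constructed stand-in for a memcmp implementation that compares two bytes
   at a time and returns their difference as a full int. The C standard only
   fixes the sign of memcmp's result, so a value such as 0x0300 is legal. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    if (i < n && a[i] != b[i])
        return a[i] - b[i];
    return 0;
}

/* Flawed check: meant to return nonzero on mismatch, but narrowing the int
   to 8 bits discards the high bits, so 0x0300 becomes 0 ("tokens match"). */
bool8 token_mismatch_narrowed(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (bool8)wide_memcmp(a, b, n);
}

/* Corrected check: reduce the result to a boolean before narrowing it. */
bool8 token_mismatch_checked(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (bool8)(wide_memcmp(a, b, n) != 0);
}

/* Constructed sample tokens (not real authentication values). */
const unsigned char EXPECTED[4] = { 0x10, 0x20, 0x30, 0x40 };
const unsigned char WRONG_HI[4] = { 0x13, 0x20, 0x30, 0x40 }; /* high byte of a pair differs */
const unsigned char WRONG_LO[4] = { 0x10, 0x21, 0x30, 0x40 }; /* low byte of a pair differs */
```

Whether the narrowed form misbehaves depends on which values the platform's memcmp actually returns, which is why only some environments are affected.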