sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0819)