CVE-2006-6017: Uncontrolled Resource Consumption in WordPress

Severity: 6.5 MEDIUM (CNA), no vector
EPSS: 2.8% (top 13.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 21; latest update May 1

Description

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

Affected Packages (2 packages)

debian: debian/wordpress < wordpress 2.0.5-0.1 (bookworm)
Debian: wordpress/wordpress < 2.0.5-0.1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-57qp-9wm8-fgr9: WordPress before 2 (2022-05-01)
OSV: CVE-2006-6017: WordPress before 2 (2006-11-21)
CVEList: CVE-2006-6017: WordPress before 2 (2006-11-21)

📋 Vendor Advisories (1)

Debian: CVE-2006-6017: wordpress - WordPress before 2.0.5 does not properly store a profile containing a string rep... (2006)

💬 Community (1)

Bugzilla: vulnerable for DoS and info. leak (2006-12-27)