CVE-2008-6549 — Uncontrolled Resource Consumption in Moinmoin

CWE-400 — Uncontrolled Resource Consumption4 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmo Moinmoin

Timeline

PublishedMar 30

Latest updateMay 17

Description

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmoinmo/moinmoin1.6.1

🔴Vulnerability Details

GHSA

MoinMoin Denial of Service vulnerability via password_checker function↗2022-05-17

▶

OSV

MoinMoin Denial of Service vulnerability via password_checker function↗2022-05-17

▶

OSV

CVE-2008-6549: The password_checker function in config/multiconfig↗2009-03-30

▶