CVE-2012-4885Improper Handling of Syntactically Invalid Structure in Mediawiki

CWE-228Improper Handling of Syntactically Invalid StructureCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
1.2%
top 21.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiDebian MediawikiDrupal
Timeline
PublishedSep 9
Latest updateMay 17

Description

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.19.0-1 (bookworm)
Debianmediawiki/mediawiki< 1:1.19.0-1+3
NVDmediawiki/mediawiki7 versions+6
drupaldrupal/drupal

🔴Vulnerability Details

2
GHSA
GHSA-cw9f-6pvh-rr9x: The wikitext parser in MediaWiki 12022-05-17
OSV
CVE-2012-4885: The wikitext parser in MediaWiki 12012-09-09

📋Vendor Advisories

3
Red Hat
php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix2012-02-02
Drupal
Hash DOS attack prevention with Suhosin needs a .htaccess edit - PSA-2012-0012012-01-11
Debian
CVE-2012-4885: mediawiki - The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 a...2012

💬Community

1
Bugzilla
CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix [fedora-all]2012-02-02
CVE-2012-4885 — Debian Mediawiki vulnerability | cvebase