oss-sec mailing list archives

Re: CVE request: mwlib < 0.13.5 DoS flaw


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 05 Mar 2012 14:54:54 -0700

On 03/05/2012 10:06 AM, Vincent Danen wrote:
> Could a CVE be assigned to the following please?
>
> It was reported that mwlib suffered from a flaw that could allow a
> remote attacker to perform a denial of service attack on a mwlib
> installation by forcing it to parse a specially-crafted #iferror magic
> function.  This has been corrected in upstream version 0.13.5.
>
> References:
>
> http://groups.google.com/group/mwlib/browse_thread/thread/c2bd1cee77a8a79?hl=en
>
> http://www.google.com/url?sa=D&q=https://github.com/pediapress/mwlib/pull/10&usg=AFQjCNHgoXQUYFtEj0L8VP5K8Xn_GoTOyw
>
> https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde
>
> https://bugzilla.redhat.com/show_bug.cgi?id=800064


Please use CVE-2012-1109 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

