oss-sec mailing list archives
Re: CVE request: TYPO3-EXT-SA-2014-013
From: cve-assign () mitre org
Date: Fri, 17 Oct 2014 15:10:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Can I get one 2014 CVE for following TYPO3 extension issue It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service. Affected Versions: all versions of 0.x.x, 1.0.x, 1.1.x, 1.2.x, 1.3.x, 1.4.x; 1.5.8 and below of 1.5.x; 1.6.0 Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C User input is passed to PHP's PCRE library without validating it beforehand. Depending on user input this may consume a tremendous amount of system resources.
Use CVE-2014-8325. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUQWlKAAoJEKllVAevmvmsrtcH/Rs3NVD3MTD/Ze4pOYtV//TR VdmlhkerVpCCXeUslctYqZJGrbawXjFXsBSx8V/WC4pipZjBG3fcLCZK0w33AdVo oM7voFeCoC4FXAz37+WxqPxan0nqL8qeD7vQuAfPxhZye2iKoF2Gvis1AmQl/i7C Nsrun0Q0obhEir4r7X0Tapzo6wNBHvw3GSllOHA38Z6rRqV4oDU4b0Tb0FMR15do JEqwvvd6/HRLPsEt/UxpRJm8gissMCk1v6EGQItFSMAWF749/heLaqBHYTiJCwDm CH7kb6fqNibex3fmhZNOdbV/7WAsYqpDiBlIyWwjVOdD4k44/hqpi27shIkkWHA= =yE62 -----END PGP SIGNATURE-----
Current thread:
- CVE request: TYPO3-EXT-SA-2014-013 Henri Salo (Oct 17)
- Re: CVE request: TYPO3-EXT-SA-2014-013 cve-assign (Oct 17)