Description

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

Remediation

References

CVE-2013-4570

Related Vulnerabilities

XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-32068)

PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)

Oracle JRE CVE-2012-0499 Vulnerability (CVE-2012-0499)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.0.0)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11587)

Severity

Medium

Classification

CVE-2013-4570

Tags

Missing Update Known Vulnerabilities