Description

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

Remediation

References

CVE-2013-4570

Related Vulnerabilities

WordPress Plugin Revive Old Post-Auto Post to Social Media Security Bypass (6.9.3)

PleskLin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11584)

WebLogic CVE-2016-0573 Vulnerability (CVE-2016-0573)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0285)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0464)

Severity

Medium

Classification

CVE-2013-4570

Tags

Missing Update Known Vulnerabilities