Description

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25630

Related Vulnerabilities

Oracle JRE CVE-2018-2637 Vulnerability (CVE-2018-2637)

LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5573)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-15171)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.25)

WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Scripting (4.7.1)

Severity

High

Classification

CVE-2020-25630 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities