Description
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Remediation
References
Related Vulnerabilities
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.31)
WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Cross-Site Request Forgery (2.18.1)
OpenSSL Other Vulnerability (CVE-2003-0851)
WordPress Plugin Easy Updates Manager Privilege Escalation (8.0.4)
Oracle Application Server Other Vulnerability (CVE-2006-5356)