An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. References: https://phabricator.wikimedia.org/T277380 https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1995203]
None of the Red Hat products are affected by this vulnerability, as the Oauth extension is distributed separately for MediaWiki and not included by default in any Red Hat products. Patch / code changes can be found at the OAuth extension - https://phabricator.wikimedia.org/rEOAU420a837a2df4c1c61e7efe2c0ac952f548dde2a8
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-31556