Bug 800064 - (CVE-2012-1109) CVE-2012-1109 mwlib: denial of service when parsing #iferror magic functions
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20120305,repor...
: Security
Depends On: 800067 800066
Reported: 2012-03-05 12:02 EST by Vincent Danen
Modified: 2015-07-31 11:17 EDT
Doc Type: Bug Fix
Description Vincent Danen 2012-03-05 12:02:42 EST
It was reported [1],[2] that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially-crafted #iferror magic function.  This has been corrected [3] in upstream version 0.13.5.

[1] http://groups.google.com/group/mwlib/browse_thread/thread/c2bd1cee77a8a79?hl=en
[2] http://www.google.com/url?sa=D&q=https://github.com/pediapress/mwlib/pull/10&usg=AFQjCNHgoXQUYFtEj0L8VP5K8Xn_GoTOyw
[3] https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde
Comment 1 Vincent Danen 2012-03-05 12:03:54 EST
Created python-mwlib tracking bugs for this issue

Affects: fedora-all [bug 800066]
Affects: epel-5 [bug 800067]
Comment 2 Vincent Danen 2012-03-05 12:07:39 EST
CVE request: http://www.openwall.com/lists/oss-security/2012/03/05/16
