800064 – (CVE-2012-1109) CVE-2012-1109 mwlib: denial of service when parsing #iferror magic functions

Bug 800064 (CVE-2012-1109) - CVE-2012-1109 mwlib: denial of service when parsing #iferror magic functions

Summary: CVE-2012-1109 mwlib: denial of service when parsing #iferror magic functions

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-1109
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	800066 800067
Blocks:
TreeView+	depends on / blocked

Reported:	2012-03-05 17:02 UTC by Vincent Danen
Modified:	2021-10-19 21:51 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-19 21:51:48 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2012-03-05 17:02:42 UTC

It was reported [1],[2] that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially-crafted #iferror magic function.  This has been corrected [3] in upstream version 0.13.5.

[1] http://groups.google.com/group/mwlib/browse_thread/thread/c2bd1cee77a8a79?hl=en
[2] http://www.google.com/url?sa=D&q=https://github.com/pediapress/mwlib/pull/10&usg=AFQjCNHgoXQUYFtEj0L8VP5K8Xn_GoTOyw
[3] https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde

Comment 1 Vincent Danen 2012-03-05 17:03:54 UTC

Created python-mwlib tracking bugs for this issue

Affects: fedora-all [bug 800066]
Affects: epel-5 [bug 800067]

Comment 2 Vincent Danen 2012-03-05 17:07:39 UTC

CVE request: http://www.openwall.com/lists/oss-security/2012/03/05/16

Note You need to log in before you can comment on or make changes to this bug.