Mediawiki : Security Vulnerabilities, CVEs, (Memory corruption) CVSS score >= 3
The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.
Max CVSS
5.0
EPSS Score
0.24%
Published
2014-05-12
Updated
2014-05-12
1 vulnerabilities found