CVE-2013-4570

medium

Description

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

References

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

https://bugzilla.wikimedia.org/show_bug.cgi?id=54527

Details

Source: Mitre, NVD

Published: 2014-05-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium