CVE-2022-34750

EPSS 0.45%
Veröffentlicht 28.06.2022 13:15:12
Zuletzt bearbeitet 21.11.2024 07:10:07
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version <= 1.38.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.63

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742

Vendor Advisory

https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9

Vendor Advisory

https://phabricator.wikimedia.org/T308659

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-34750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34750

EUVD