Description

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

Remediation

References

CVE-2013-4570

Related Vulnerabilities

Python Integer Overflow or Wraparound Vulnerability (CVE-2008-1679)

WordPress Plugin wpcu3er 'ajaxReq.php' Arbitrary File Upload (0.55)

WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)

WordPress Plugin GTM4WP Cross-Site Scripting (1.9)

ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)

Severity

Medium

Classification

CVE-2013-4570

Tags

Missing Update Known Vulnerabilities