CVE-2013-4570

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.10 MediaWiki versions 1.20.x MediaWiki versions 1.21.x prior to 1.21.4 MediaWiki versions 1.22.x prior to 1.22.1

Description The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved by converting specific Lua data structures to PHP, such as passing { [{}] = 1 } to a module function.

Recommendations For MediaWiki versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki versions 1.20.x, update to version 1.21.4 or later, as 1.20.x is not directly patchable and has reached end-of-life. For MediaWiki versions 1.21.x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.