CVE-2021-36125

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36

Description: An issue was discovered in the CentralAuth extension. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).

Recommendations: For MediaWiki versions through 1.36, consider restricting the MaxNameChars configuration value to prevent usernames from exceeding the maximum allowed length, thereby mitigating the risk of infinite loops and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-36125

CVE-2021-36125

Affected Products

Alt Linux

Mediawiki

CVE-2021-36125

Weakness Enumeration

Related Identifiers

Affected Products

References · 7