PT-2021-3117 · Moodle+1
Ben Samtleben · Published 2021-05-10 · Updated 2024-03-06
CVE-2021-32476
| CVSS v2.0 | 7.8 (High) |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.5 to 3.5.17
Moodle versions 3.8 to 3.8.8
Moodle versions 3.9 to 3.9.6
Moodle versions 3.10 to 3.10.3
Description
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. This issue is related to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Moodle versions 3.5 to 3.5.17, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.8 to 3.8.8, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.9 to 3.9.6, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.10 to 3.10.3, update to a version that respects user file upload limits to prevent denial-of-service attacks.
As a temporary workaround, consider restricting access to the draft files area until a patch is available.
Fix
DoS
Allocation of Resources Without Limits
RCE
Resource Exhaustion
Related Identifiers
Affected Products
Alt Linux
Moodle