QwikSec

Security Database

CVE

CWE

Training

CVE-2022-34750

Published: Jun 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://phabricator.wikimedia.org/T308659

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742

x_refsource_MISC

https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.