← Back

CVE-2024-25978

nvd nist
Published: Feb 19, 2024Modified: Jan 23, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.

Affected (4)

Moodle
1 product
Moodle
Fedoraproject
1 product
Fedora
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
From 4.1.0 to 4.1.9
Moodle
From 4.2.0 to 4.2.6
Moodle
From 4.3.0 to 4.3.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (8)

Source: patrick@puiterwijk.org
Patch
Source: patrick@puiterwijk.org
Issue Tracking
Source: patrick@puiterwijk.org
Mailing List
Source: patrick@puiterwijk.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.