CVE-2022-34750
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.
Se ha detectado un problema en MediaWiki versiones hasta 1.38.1. La longitud del lema de un lexema de Wikibase está actualmente limitada a mil caracteres. Desafortunadamente, esta longitud no es comprobada, lo que permite crear lexemas mucho más grandes, lo que introduce varios vectores de ataque de denegación de servicio en las extensiones Wikibase y WikibaseLexeme. Esto está relacionado con Special:NewLexeme y Special:NewProperty
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-28 CVE Reserved
- 2022-06-28 CVE Published
- 2024-02-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (3)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | <= 1.38.1 Search vendor "Mediawiki" for product "Mediawiki" and version " <= 1.38.1" | - |
Affected
| ||||||