Vulnerability Bulletins

MSA-24-0001: Denial of service risk in file picker unzip functionality

System information

Affected software PHP


por Michael Hawkins. Insufficient file size checks resulted in a denial of service risk in the file pickers unzip functionality.Severity/Risk:SeriousVersions affected:4.3 to 4.3.2, 4.2 to 4.2.5, 4.1 to 4.1.8 and earlier unsupported versionsVersions fixed:4.3.3, 4.2.6 and 4.1.9Reported by:Sam EzehCVE identifier:CVE-2024-25978Changes (master): issue:MDL-74641 Denial of service risk in file picker

More info:

Standar resources

Property Value
CVE CVE-2024-25978.

Version history

Version Comments Date
Ministerio de Defensa