Vulnerability Bulletins

MSA-20-0014: Denial of service risk in file picker unzip functionality


System information

Affected software: PHP

Description

by Michael Hawkins.

The decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk.

Severity/Risk: Serious
Versions affected: 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed: 3.9.2, 3.8.5, 3.7.8 and 3.5.14
Reported by: Ivan Novichkov
CVE identifier: CVE-2020-25630
Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=410842&parent=1657004
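
The missing check described above, sketched as an added example in Python: it is not Moodle's PHP code or its actual fix. The function names, the `quota_remaining` parameter and the sample archive are assumptions made for illustration, and extraction goes to memory to keep the example self-contained.

```python
import io
import zipfile


def declared_size(zip_bytes):
    """Sum of uncompressed sizes declared in the archive's central directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sum(info.file_size for info in zf.infolist())


def extract_within_quota(zip_bytes, quota_remaining, chunk=64 * 1024):
    """Return ({name: bytes}, None) if the content fits, else (None, reason)."""
    # Check 1: refuse before unpacking anything if the declared total is too big.
    total = declared_size(zip_bytes)
    if total > quota_remaining:
        return None, f"declared size {total} exceeds remaining quota {quota_remaining}"
    # Check 2: declared sizes are metadata supplied by the uploader, so also
    # count the bytes actually produced and stop as soon as the limit is passed.
    produced, files = 0, {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as src:
                while data := src.read(chunk):
                    produced += len(data)
                    if produced > quota_remaining:
                        return None, "extraction exceeded remaining quota"
                    buf += data
            files[info.filename] = bytes(buf)
    return files, None


def build_sample_zip(uncompressed_len):
    """Constructed sample: one highly compressible file of zero bytes."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("padding.bin", b"\0" * uncompressed_len)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(1024 * 1024)  # 1 MiB of zeros, constructed
    print(len(sample), declared_size(sample))
    print(extract_within_quota(sample, 100 * 1024)[1])
```

The upload itself is small enough to pass a size limit applied to the compressed file, which is why the quota comparison has to use the decompressed size.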

Standard identifiers

Property Value
CVE CVE-2020-25630

Version history

Version Comment Date
1.0 Advisory issued 2020-09-22
