CVE-2011-4957
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2011-4957
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-4957.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2011-4957
- Published
- 2012-06-27T21:55:02Z
- Modified
- 2025-04-11T00:51:21Z
- Downstream
- Summary
- [none]
- Details
-
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
- References
-
- http://secunia.com/advisories/44038
- http://secunia.com/advisories/49138
- http://www.debian.org/security/2012/dsa-2470
- http://core.trac.wordpress.org/ticket/16892
- http://wordpress.org/news/2011/04/wordpress-3-1-1/
- http://www.openwall.com/lists/oss-security/2012/04/19/17
- http://www.openwall.com/lists/oss-security/2012/04/19/6
- https://security-tracker.debian.org/tracker/CVE-2011-4957
Affected packages
Debian:11 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:12 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:13 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source