CVE-2020-25630

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25630

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25630.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25630

Aliases

Downstream

UBUNTU-CVE-2020-25630

Published

2020-12-08T01:15:11.820Z

Modified

2026-03-13T00:37:26.585Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

References

https://moodle.org/mod/forum/discuss.php?d=410842

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Fixed

598064e4d9958b22e8b8c81016440b1aea48771e

Introduced

89457b26d192c06325bb6782b85d1025dafbefe9

Fixed

f6e37fe19539b61afd3beb8685ffbff028e4ddf5

Introduced

f968cd44e8ee5d54b1bc56823040ff770dbf18af

Fixed

b21d86f807d355a3773a9b084d2ddb80c5e6b7ec

Introduced

500c131eb49771e36f68d151dfa37fef5a9bc2df

Fixed

ccd4ef8ddd03d98b84e3231866b8b1e024dab1db

Database specific

{
    "versions": [
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.14"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.8"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.5"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.2"
        }
    ]
}

Affected versions

v3.*

v3.5.0

v3.5.1

v3.5.10

v3.5.11

v3.5.12

v3.5.13

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.7.6

v3.7.7

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.9.0

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v3.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25630.json"