PYSEC-2009-12

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-12.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2009-12

Aliases

CVE-2008-6549
GHSA-wjjc-m3fc-fcm8

Published

2009-03-30T01:30:00Z

Modified

2024-11-25T22:42:28.385100Z

Summary

[none]

Details

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

References

http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546
http://moinmo.in/SecurityFixes
http://osvdb.org/48876

Affected packages

PyPI / moin

Package

Name: moin; View open source insights on deps.dev
Purl: pkg:pypi/moin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.1