CVE-2014-5266

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-5266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-5266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-5266

Related

Published

2014-08-18T11:15:27Z

Modified

2024-09-18T01:00:20Z

Summary

[none]

Details

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

References

Affected packages

Debian:11 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}