CVE-2024-34506

Publication date 5 May 2024

Last updated 24 July 2024

Ubuntu priority

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mediawiki	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-34506
https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
https://phabricator.wikimedia.org/T357760
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423