Design/Logic Flaw

2012-11-0110:44:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the “administer hotblocks” permission to cause a denial of service (infinite loop and time out) via a block that references itself.

CPENameOperatorVersion
hotblockseq6.120.15
hotblockseq6.120.16
hotblockseq6.120.17
hotblockseq6.x-1.x dev

Name	Operator	Version
hotblocks	eq	6.120.15
hotblocks	eq	6.120.16
hotblocks	eq	6.120.17
hotblocks	eq	6.x-1.x dev

References

www.madirish.net/543

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

drupal.org/node/1732828

drupal.org/node/1732946