CVE-2012-1588
Drupal 7.x < 7.14 - Authenticated Denial of Service via Long Email Address in Text Filtering
Title source: llmDescription
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://drupalcode.org/project/drupal.git/commit/db79496ae983447506f016a20738c3d7e5d059fa
Patch x_refsource_confirm
http://drupal.org/drupal-7.14
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49012
Vendor Advisory x_refsource_confirm
http://drupal.org/node/1557938
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53368
Vendor Advisory x_refsource_confirm
http://drupal.org/node/1558468
Scores
EPSS
0.0063
EPSS Percentile
70.5%
Details
CWE
CWE-399
Status
published
Products (15)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 5 more
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026