CVE-2013-4199
Plone 2.1-4.1 4.2.x-4.2.5 4.3.x-4.3.1 - Authenticated Denial of Service via Large Zip Archive Expansion
Title source: llmDescription
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=978482
Vendor Advisory x_refsource_confirm
http://plone.org/products/plone/security/advisories/20130618-announcement
Patch x_refsource_confirm
http://plone.org/products/plone-hotfix/releases/20130618
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/261
Scores
EPSS
0.0108
EPSS Percentile
61.0%
Details
CWE
CWE-20
Status
published
Products (50)
plone/plone
4.2
plone/plone
4.2.1
plone/plone
4.2.2
plone/plone
4.2.3
plone/plone
4.2.4
plone/plone
4.2.5
plone/plone
4.3
plone/plone
4.3.1
plone/plone
2.1
plone/plone
2.1.1
... and 40 more
Published
Mar 11, 2014
Tracked Since
Feb 18, 2026