CVE-2024-25978
HIGHmoodle 4.1.0-4.1.8 and 4.3.0-4.3.2 - Denial of Service via File Picker Unzip Functionality
Title source: llmDescription
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
References (4)
Core 4
Core References
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=455634
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2264074
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
CWE-400
Status
published
Products (3)
fedoraproject/fedora
38
moodle/moodle
4.1.0 - 4.1.9
moodle/moodle
4.3.0 - 4.3.3Packagist
Published
Feb 19, 2024
Tracked Since
Feb 18, 2026