Justin Dodge Hotblocks 6.x-1.5/6.x-1.6/6.x-1.7/6.x-1.x resource management

Summaryinfo

A vulnerability marked as problematic has been reported in Justin Dodge Hotblocks 6.x-1.5/6.x-1.6/6.x-1.7/6.x-1.x. Impacted is an unknown function. This manipulation causes resource management. This vulnerability is registered as CVE-2012-5704. No exploit is available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Justin Dodge Hotblocks 6.x-1.5/6.x-1.6/6.x-1.7/6.x-1.x and classified as problematic. Affected by this vulnerability is an unknown code. The manipulation with an unknown input leads to a resource management vulnerability. The CWE definition for the vulnerability is CWE-399. As an impact it is known to affect availability. The summary by CVE is:

The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.

The weakness was published 11/01/2012 (Website). It is possible to read the advisory at drupal.org. This vulnerability is known as CVE-2012-5704 since 10/31/2012. The attack can be launched remotely. A single authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 6.x-1.x eliminates this vulnerability.

Similar entry is available at VDB-62816. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• Justin Dodge

Name

• Hotblocks

Version

• 6.x-1.5
• 6.x-1.6
• 6.x-1.7
• 6.x-1.x

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion