CVE-2011-4957

The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
wordpresswordpress
𝑥
≤ 3.1
wordpresswordpress
0.71
wordpresswordpress
1.0
wordpresswordpress
1.0.1
wordpresswordpress
1.0.2
wordpresswordpress
1.1.1
wordpresswordpress
1.2
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.2.3
wordpresswordpress
1.2.4
wordpresswordpress
1.2.5
wordpresswordpress
1.2.5:a
wordpresswordpress
1.3
wordpresswordpress
1.3.2
wordpresswordpress
1.3.3
wordpresswordpress
1.5
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.8
wordpresswordpress
2.0.9
wordpresswordpress
2.0.10
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.2
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.3
wordpresswordpress
2.3.1
wordpresswordpress
2.3.2
wordpresswordpress
2.3.3
wordpresswordpress
2.5
wordpresswordpress
2.5.1
wordpresswordpress
2.6
wordpresswordpress
2.6.1
wordpresswordpress
2.6.2
wordpresswordpress
2.6.3
wordpresswordpress
2.6.5
wordpresswordpress
2.7
wordpresswordpress
2.7.1
wordpresswordpress
2.8
wordpresswordpress
2.8.1
wordpresswordpress
2.8.2
wordpresswordpress
2.8.3
wordpresswordpress
2.8.4
wordpresswordpress
2.8.4:a
wordpresswordpress
2.8.5
wordpresswordpress
2.8.5.1
wordpresswordpress
2.8.5.2
wordpresswordpress
2.8.6
wordpresswordpress
2.9
wordpresswordpress
2.9.1
wordpresswordpress
2.9.1.1
wordpresswordpress
2.9.2
wordpresswordpress
3.0
wordpresswordpress
3.0.1
wordpresswordpress
3.0.2
wordpresswordpress
3.0.3
wordpresswordpress
3.0.4
wordpresswordpress
3.0.5
wordpresswordpress
3.0.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://core.trac.wordpress.org/ticket/16892
http://secunia.com/advisories/44038
http://secunia.com/advisories/49138
http://wordpress.org/news/2011/04/wordpress-3-1-1/
http://www.debian.org/security/2012/dsa-2470
http://www.openwall.com/lists/oss-security/2012/04/19/17
http://www.openwall.com/lists/oss-security/2012/04/19/6
http://core.trac.wordpress.org/ticket/16892
http://secunia.com/advisories/44038
http://secunia.com/advisories/49138
http://wordpress.org/news/2011/04/wordpress-3-1-1/
http://www.debian.org/security/2012/dsa-2470
http://www.openwall.com/lists/oss-security/2012/04/19/17
http://www.openwall.com/lists/oss-security/2012/04/19/6