{"id":"CVE-2008-6549","details":"The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.","aliases":["GHSA-wjjc-m3fc-fcm8","PYSEC-2009-12"],"modified":"2024-11-25T22:42:05.365810Z","published":"2009-03-30T01:30:00Z","withdrawn":"2024-06-30T15:58:53.063267Z","references":[{"type":"ADVISORY","url":"http://moinmo.in/SecurityFixes"},{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546"},{"type":"WEB","url":"http://osvdb.org/48876"}],"affected":[{"package":{"name":"moin","ecosystem":"Debian:10","purl":"pkg:deb/debian/moin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.2-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-6549.json"}}],"schema_version":"1.7.3"}