{"id":"PYSEC-2009-12","details":"The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.","aliases":["CVE-2008-6549","GHSA-wjjc-m3fc-fcm8"],"modified":"2024-11-25T22:42:05.365810Z","published":"2009-03-30T01:30:00Z","references":[{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546"},{"type":"ADVISORY","url":"http://moinmo.in/SecurityFixes"},{"type":"WEB","url":"http://osvdb.org/48876"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.1"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-12.yaml"}}],"schema_version":"1.7.3"}