CVE-2021-31555

7.5 HIGH

📋 TL;DR

This vulnerability in MediaWiki's OAuth extension allows attackers to submit overly long oarc_version parameters, potentially causing buffer overflows or denial of service. It affects MediaWiki installations using the OAuth extension through version 1.35.2. Attackers could exploit this to crash the service or execute arbitrary code.

💻 Affected Systems

Products:
  • MediaWiki with OAuth extension
Versions: MediaWiki through 1.35.2
Operating Systems: All platforms running MediaWiki
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the OAuth extension enabled

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise

🟠

Likely Case

Denial of service through application crashes or instability

🟢

If Mitigated

Minimal impact with proper input validation and length restrictions

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires OAuth endpoint access; complexity depends on specific buffer overflow implementation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.35.3 or later

Vendor Advisory: https://phabricator.wikimedia.org/T277388

Restart Required: Yes

Instructions:

1. Update MediaWiki to version 1.35.3 or later
2. Apply the patch from gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d
3. Restart the web server

🔧 Temporary Workarounds

Input validation filter

all

Add custom validation to restrict oarc_version parameter length

Implement input validation in OAuth extension code to limit parameter size

WAF rule

all

Block requests with excessive oarc_version parameter length

Configure WAF to reject requests with oarc_version parameter exceeding 255 characters

🧯 If You Can't Patch

  • Disable OAuth extension if not required
  • Implement network segmentation to restrict access to OAuth endpoints

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version and OAuth extension status

Check Version:

grep -i 'version' LocalSettings.php

Alternatively, check the MediaWiki Special:Version page.

Verify Fix Applied:

Verify MediaWiki version is 1.35.3+ and check for proper input validation in OAuth code

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in OAuth requests
  • Application crashes or errors related to OAuth processing

Network Indicators:

  • Excessive POST data to OAuth endpoints
  • Repeated failed OAuth requests

SIEM Query:

source="mediawiki" AND ((parameter="oarc_version" AND length>255) OR error="buffer overflow")
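
The "unusually long parameter values" indicator above, as an added example (not part of the original page or of MediaWiki's code): a Python scan of web access-log lines for oarc_version values longer than the 255-character threshold from the WAF workaround. The log lines, the EXAMPLE_OAUTH_PAGE path and the function names are constructed for illustration, and the scan assumes the parameter appears in the URL query string; form-encoded POST bodies are only visible if request bodies are logged.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAX_LEN = 255            # threshold taken from the WAF workaround on this page
PARAM = "oarc_version"   # parameter named in the advisory

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def oversized_values(line, param=PARAM, max_len=MAX_LEN):
    """Return the decoded length of every `param` value in the line above max_len."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    # parse_qsl percent-decodes, so "%41" counts as one character, and it
    # returns repeated parameters, so a short first copy cannot hide a long one.
    return [len(value)
            for key, value in parse_qsl(query, keep_blank_values=True)
            if key == param and len(value) > max_len]


def scan(lines):
    """Yield (client_ip, longest_value_length) for each offending log line."""
    for line in lines:
        hits = oversized_values(line)
        if hits:
            yield line.split(" ", 1)[0], max(hits)


# Constructed sample lines (hypothetical path and documentation-range IPs).
STAMP = '- - [01/May/2021:10:00:00 +0000]'
BASE = '/w/index.php?title=EXAMPLE_OAUTH_PAGE'
SAMPLE_LOG = [
    f'198.51.100.7 {STAMP} "GET {BASE}&oarc_version=1.0 HTTP/1.1" 200 512',
    f'198.51.100.9 {STAMP} "POST {BASE}&oarc_version={"9" * 300} HTTP/1.1" 500 0',
    f'203.0.113.4 {STAMP} "GET {BASE}&oarc_version=1&oarc_version={"%41" * 256} HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, length in scan(SAMPLE_LOG):
        print(f"{ip} sent {PARAM} of {length} characters")
```

The length is measured after percent-decoding, which is the value the application receives, so an encoded request line three times longer than the limit is not over-counted.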
