Wikimedia Scribunto Memory Leak Vulnerability Leading to Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in the Wikimedia Foundation's Scribunto extension, affecting versions from 1.45.0 up to, but not including, 1.45.2. The leak causes the 'runJobs.php' script to exhaust available memory, ending in a fatal error and disrupting normal operations. The issue arises from a change in how engine objects are managed: the change creates a reference cycle that prevents proper garbage collection.
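How a reference cycle lets memory accumulate in a long-running PHP process, shown as an added example that is not Scribunto's code or taken from the advisory. The classes `DemoEngine` and `DemoInterpreter`, the function `runDemoJobs`, and the 20 x 1 MiB workload are hypothetical stand-ins, and the sketch assumes PHP 8 or later on the command line.

```php
<?php
// Added illustration (PHP 8+). Class names are hypothetical, not Scribunto's.
final class DemoInterpreter {
    public string $buffer;
    public function __construct(public ?DemoEngine $engine, int $bytes) {
        // Stand-in for the large string a module builds.
        $this->buffer = str_repeat('x', $bytes);
    }
}

final class DemoEngine {
    public ?DemoInterpreter $interpreter;
    public function __construct(int $bytes) {
        // engine -> interpreter -> engine: the refcounts never reach zero.
        $this->interpreter = new DemoInterpreter($this, $bytes);
    }
    public function destroy(): void {
        // Break the cycle so reference counting frees both objects at once.
        if ($this->interpreter !== null) {
            $this->interpreter->engine = null;
            $this->interpreter = null;
        }
    }
}

// Simulates a long-running job loop; returns the bytes still held afterwards.
function runDemoJobs(int $jobs, int $bytesPerJob, bool $breakCycle): int {
    gc_collect_cycles();                 // start from a clean baseline
    $before = memory_get_usage();
    for ($i = 0; $i < $jobs; $i++) {
        $engine = new DemoEngine($bytesPerJob);
        if ($breakCycle) {
            $engine->destroy();
        }
        unset($engine);                  // job done; no outside reference remains
    }
    return memory_get_usage() - $before;
}

$mib = 1 << 20;
$kept = runDemoJobs(20, $mib, false);    // constructed workload: 20 jobs x 1 MiB
$broken = runDemoJobs(20, $mib, true);
printf("cycle kept:   %.1f MiB still held\n", $kept / $mib);
printf("cycle broken: %.1f MiB still held\n", $broken / $mib);
```

PHP only sweeps cyclic garbage when its root buffer fills or `gc_collect_cycles()` is called, so a small number of cyclic objects that each hold a large buffer can reach `memory_limit` before any sweep happens.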

Impact

Exploitation of this vulnerability causes a denial-of-service condition by exhausting the PHP memory limit, leading to a fatal error and interruption of the job processing system.

Reproduction

To reproduce this vulnerability, create a module that generates a large string to consume memory. Then, invoke this module multiple times to create several jobs. Finally, run 'runJobs.php' with the 'refreshLinks' type, which will process the jobs and cause the memory leak to accumulate until the PHP memory limit is reached, resulting in a fatal error.

Remediation

Users can update to Scribunto version 1.45.2 or later, where this memory leak has been addressed.

Added: May 11, 2026, 4:46 PM
Updated: May 11, 2026, 4:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 8.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.