CVE-2018-25246
Received Received - Intake
Denial of Service via Oversized Input in Wikipedia

Publication date: 2026-04-04

Last updated on: 2026-04-04

Assigner: VulnCheck

Description
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-04
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25246
EUVD
EUVD-2018-21765
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a denial of service condition where the Wikipedia application crashes and becomes unavailable to users.

Since the vulnerability can be triggered by unauthenticated attackers remotely via the search bar, it can disrupt normal use of the application, causing downtime and loss of availability.

Executive Summary

This vulnerability is a denial of service (DoS) issue in Wikipedia version 12.0. It allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality.

Specifically, an attacker can paste a large buffer of repeated characters (for example, 1000 "A" characters) into the search bar, which triggers the application to crash.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition on the Wikipedia 12.0 application by submitting an oversized input through the search functionality.

A practical detection method involves creating a payload of repeated characters (for example, 1000 "A" characters), copying it to the clipboard, and pasting it into the search bar of the Wikipedia app to see if the application crashes.

A simple command to generate such a payload file on a system with Python installed is:

  • python -c "print('A'*1000)" > wiki.txt

Then, open the file, copy its contents to the clipboard, and paste into the Wikipedia app search bar to test for the crash.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the denial of service vulnerability in Wikipedia 12.0, avoid submitting oversized input through the search functionality.

Specifically, do not paste or input large buffers of repeated characters into the search bar, as this triggers the application crash.

Until a patch or update is available, users should be cautious about the input size in the search field to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25246. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart