CVE-2018-25246
Received Received - Intake
Denial of Service via Oversized Input in Wikipedia

Publication date: 2026-04-04

Last updated on: 2026-04-04

Assigner: VulnCheck

Description
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-04
Generated
2026-05-07
AI Q&A
2026-04-04
EPSS Evaluated
2026-05-05
NVD
CVE-2018-25246
EUVD
EUVD-2018-21765
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The impact of this vulnerability is a denial of service condition where the Wikipedia application crashes and becomes unavailable to users.

Since the vulnerability can be triggered by unauthenticated attackers remotely via the search bar, it can disrupt normal use of the application, causing downtime and loss of availability.


Can you explain this vulnerability to me?

This vulnerability is a denial of service (DoS) issue in Wikipedia version 12.0. It allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality.

Specifically, an attacker can paste a large buffer of repeated characters (for example, 1000 "A" characters) into the search bar, which triggers the application to crash.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the denial of service condition on the Wikipedia 12.0 application by submitting an oversized input through the search functionality.

A practical detection method involves creating a payload of repeated characters (for example, 1000 "A" characters), copying it to the clipboard, and pasting it into the search bar of the Wikipedia app to see if the application crashes.

A simple command to generate such a payload file on a system with Python installed is:

  • python -c "print('A'*1000)" > wiki.txt

Then, open the file, copy its contents to the clipboard, and paste into the Wikipedia app search bar to test for the crash.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the denial of service vulnerability in Wikipedia 12.0, avoid submitting oversized input through the search functionality.

Specifically, do not paste or input large buffers of repeated characters into the search bar, as this triggers the application crash.

Until a patch or update is available, users should be cautious about the input size in the search field to prevent exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart