Unrated severityNVD Advisory· Published Oct 23, 2009· Updated Jun 16, 2026
CVE-2009-3622
CVE-2009-3622
Description
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.8.4
- (no CPE)range: <2.8.5
Patches
Vulnerability mechanics
References
13- www.vupen.com/english/advisories/2009/2986nvdPatchVendor Advisory
- rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/nvdExploitIssue TrackingVendor Advisory
- seclists.org/fulldisclosure/2009/Oct/263nvdExploitMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/37088nvdThird Party Advisory
- security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.htmlnvdThird Party Advisory
- securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/53884nvdThird Party AdvisoryVDB Entry
- codes.zerial.org/php/wp-trackbacks_dos.phpsnvdBroken Link
- www.osvdb.org/59077nvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.