CVE-2012-5643

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 20-12-2012 01:02

Last modified: - 04-10-2022 08:28

Total changes: - 2

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

https://bugs.gentoo.org/show_bug.cgi?id=447596
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
https://bugzilla.redhat.com/show_bug.cgi?id=887962
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
[oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks-
openSUSE-SU-2013:0186-
openSUSE-SU-2013:0162-
52024-
USN-1713-1-
RHSA-2013:0505-
DSA-2631-
1027890-
openSUSE-SU-2013:1436-
54839-
openSUSE-SU-2013:1443-
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
MDVSA-2013:129-
SUSE-SU-2016:2089-
SUSE-SU-2016:1996-

Keywords

CVE-2012-5643

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-5643

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures