Lucene search

[email protected]NVD:CVE-2012-5643

HistoryDec 20, 2012 - 12:02 p.m.

CVE-2012-5643

2012-12-2012:02:19

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.4 High

AI Score

Confidence

High

0.964 High

EPSS

Percentile

99.6%

JSON

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Affected configurations

NVD

Node

squid-cachesquidMatch2.0

squid-cachesquidMatch2.1

squid-cachesquidMatch2.2

squid-cachesquidMatch2.3

squid-cachesquidMatch2.4

squid-cachesquidMatch2.5

squid-cachesquidMatch2.6

squid-cachesquidMatch2.7

squid-cachesquidMatch2.7stable3

squid-cachesquidMatch2.7stable4

Node

squid-cachesquidMatch3.0

squid-cachesquidMatch3.0-pre1

squid-cachesquidMatch3.0-pre2

squid-cachesquidMatch3.0-pre3

squid-cachesquidMatch3.0-pre4

squid-cachesquidMatch3.0-pre5

squid-cachesquidMatch3.0-pre6

squid-cachesquidMatch3.0-pre7

squid-cachesquidMatch3.0rc4

squid-cachesquidMatch3.0.stable1

squid-cachesquidMatch3.0.stable2

squid-cachesquidMatch3.0.stable3

squid-cachesquidMatch3.0.stable4

squid-cachesquidMatch3.0.stable5

squid-cachesquidMatch3.0.stable6

squid-cachesquidMatch3.0.stable7

squid-cachesquidMatch3.0.stable8

squid-cachesquidMatch3.0.stable9

squid-cachesquidMatch3.0.stable10

squid-cachesquidMatch3.0.stable11

squid-cachesquidMatch3.0.stable11rc1

squid-cachesquidMatch3.0.stable12

squid-cachesquidMatch3.0.stable13

squid-cachesquidMatch3.0.stable14

squid-cachesquidMatch3.0.stable15

squid-cachesquidMatch3.0.stable16

squid-cachesquidMatch3.0.stable16rc1

squid-cachesquidMatch3.0.stable17

squid-cachesquidMatch3.0.stable18

squid-cachesquidMatch3.0.stable19

squid-cachesquidMatch3.0.stable20

squid-cachesquidMatch3.0.stable21

squid-cachesquidMatch3.0.stable22

squid-cachesquidMatch3.0.stable23

squid-cachesquidMatch3.0.stable24

squid-cachesquidMatch3.0.stable25

squid-cachesquidMatch3.1

squid-cachesquidMatch3.1.0.1

squid-cachesquidMatch3.1.0.2

squid-cachesquidMatch3.1.0.3

squid-cachesquidMatch3.1.0.4

squid-cachesquidMatch3.1.0.5

squid-cachesquidMatch3.1.0.6

squid-cachesquidMatch3.1.0.7

squid-cachesquidMatch3.1.0.8

squid-cachesquidMatch3.1.0.9

squid-cachesquidMatch3.1.0.10

squid-cachesquidMatch3.1.0.11

squid-cachesquidMatch3.1.0.12

squid-cachesquidMatch3.1.0.13

squid-cachesquidMatch3.1.0.14

squid-cachesquidMatch3.1.0.15

squid-cachesquidMatch3.1.0.16

squid-cachesquidMatch3.1.0.17

squid-cachesquidMatch3.1.0.18

squid-cachesquidMatch3.1.1

squid-cachesquidMatch3.1.2

squid-cachesquidMatch3.1.10

squid-cachesquidMatch3.1.11

squid-cachesquidMatch3.1.12

squid-cachesquidMatch3.1.13

squid-cachesquidMatch3.1.14

squid-cachesquidMatch3.1.15

squid-cachesquidMatch3.1.16

squid-cachesquidMatch3.1.17

squid-cachesquidMatch3.1.18

squid-cachesquidMatch3.1.19

squid-cachesquidMatch3.1.20

squid-cachesquidMatch3.1.21

Node

squid-cachesquidMatch3.2.0.1

squid-cachesquidMatch3.2.0.2

squid-cachesquidMatch3.2.0.3

squid-cachesquidMatch3.2.0.4

squid-cachesquidMatch3.2.0.5

squid-cachesquidMatch3.2.0.6

squid-cachesquidMatch3.2.0.7

squid-cachesquidMatch3.2.0.8

squid-cachesquidMatch3.2.0.9

squid-cachesquidMatch3.2.0.10

squid-cachesquidMatch3.2.0.11

squid-cachesquidMatch3.2.0.12

squid-cachesquidMatch3.2.0.13

squid-cachesquidMatch3.2.0.14

squid-cachesquidMatch3.2.0.15

squid-cachesquidMatch3.2.0.16

squid-cachesquidMatch3.2.0.17

squid-cachesquidMatch3.2.0.18

squid-cachesquidMatch3.2.0.19

squid-cachesquidMatch3.2.1

squid-cachesquidMatch3.2.2

squid-cachesquidMatch3.2.3

Node

squid-cachesquidMatch3.3.0.1

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

lists.opensuse.org/opensuse-updates/2013-01/msg00052.html

lists.opensuse.org/opensuse-updates/2013-01/msg00075.html

lists.opensuse.org/opensuse-updates/2013-09/msg00025.html

lists.opensuse.org/opensuse-updates/2013-09/msg00032.html

openwall.com/lists/oss-security/2012/12/17/4

rhn.redhat.com/errata/RHSA-2013-0505.html

secunia.com/advisories/52024

secunia.com/advisories/54839

ubuntu.com/usn/usn-1713-1

www.debian.org/security/2013/dsa-2631

www.mandriva.com/security/advisories?name=MDVSA-2013:129

www.securitytracker.com/id?1027890

www.squid-cache.org/Advisories/SQUID-2012_1.txt

www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch

www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch

bugs.gentoo.org/show_bug.cgi?id=447596

bugzilla.redhat.com/show_bug.cgi?id=887962

wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.4 High

AI Score

Confidence

High

0.964 High

EPSS

Percentile

99.6%

JSON

Related for NVD:CVE-2012-5643

nessus25 openvas26 debiancve2 prion2 veracode1 cvelist2 redhat1 fedora6 checkpoint_advisories1 altlinux1 cve2 centos1 oraclelinux1 securityvulns2 debian1 freebsd1 seebug1 nvd1 ubuntucve2 ubuntu1 osv1 gentoo1 suse2