CVE-2012-5643

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
squid-cachesquid
2.0
squid-cachesquid
2.1
squid-cachesquid
2.2
squid-cachesquid
2.3
squid-cachesquid
2.4
squid-cachesquid
2.5
squid-cachesquid
2.6
squid-cachesquid
2.7
squid-cachesquid
2.7:stable3
squid-cachesquid
2.7:stable4
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0
squid-cachesquid
3.0:rc4
squid-cachesquid
3.0.stable1:stable1
squid-cachesquid
3.0.stable2:stable2
squid-cachesquid
3.0.stable3:stable3
squid-cachesquid
3.0.stable4:stable4
squid-cachesquid
3.0.stable5:stable5
squid-cachesquid
3.0.stable6:stable6
squid-cachesquid
3.0.stable7:stable7
squid-cachesquid
3.0.stable8:stable8
squid-cachesquid
3.0.stable9:stable9
squid-cachesquid
3.0.stable10:stable10
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable12:stable12
squid-cachesquid
3.0.stable13:stable13
squid-cachesquid
3.0.stable14:stable14
squid-cachesquid
3.0.stable15:stable15
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable17:stable17
squid-cachesquid
3.0.stable18:stable18
squid-cachesquid
3.0.stable19:stable19
squid-cachesquid
3.0.stable20:stable20
squid-cachesquid
3.0.stable21:stable21
squid-cachesquid
3.0.stable22:stable22
squid-cachesquid
3.0.stable23:stable23
squid-cachesquid
3.0.stable24:stable24
squid-cachesquid
3.0.stable25:stable25
squid-cachesquid
3.1
squid-cachesquid
3.1.0.1
squid-cachesquid
3.1.0.2
squid-cachesquid
3.1.0.3
squid-cachesquid
3.1.0.4
squid-cachesquid
3.1.0.5
squid-cachesquid
3.1.0.6
squid-cachesquid
3.1.0.7
squid-cachesquid
3.1.0.8
squid-cachesquid
3.1.0.9
squid-cachesquid
3.1.0.10
squid-cachesquid
3.1.0.11
squid-cachesquid
3.1.0.12
squid-cachesquid
3.1.0.13
squid-cachesquid
3.1.0.14
squid-cachesquid
3.1.0.15
squid-cachesquid
3.1.0.16
squid-cachesquid
3.1.0.17
squid-cachesquid
3.1.0.18
squid-cachesquid
3.1.1
squid-cachesquid
3.1.2
squid-cachesquid
3.1.10
squid-cachesquid
3.1.11
squid-cachesquid
3.1.12
squid-cachesquid
3.1.13
squid-cachesquid
3.1.14
squid-cachesquid
3.1.15
squid-cachesquid
3.1.16
squid-cachesquid
3.1.17
squid-cachesquid
3.1.18
squid-cachesquid
3.1.19
squid-cachesquid
3.1.20
squid-cachesquid
3.1.21
squid-cachesquid
3.2.0.1
squid-cachesquid
3.2.0.2
squid-cachesquid
3.2.0.3
squid-cachesquid
3.2.0.4
squid-cachesquid
3.2.0.5
squid-cachesquid
3.2.0.6
squid-cachesquid
3.2.0.7
squid-cachesquid
3.2.0.8
squid-cachesquid
3.2.0.9
squid-cachesquid
3.2.0.10
squid-cachesquid
3.2.0.11
squid-cachesquid
3.2.0.12
squid-cachesquid
3.2.0.13
squid-cachesquid
3.2.0.14
squid-cachesquid
3.2.0.15
squid-cachesquid
3.2.0.16
squid-cachesquid
3.2.0.17
squid-cachesquid
3.2.0.18
squid-cachesquid
3.2.0.19
squid-cachesquid
3.2.1
squid-cachesquid
3.2.2
squid-cachesquid
3.2.3
squid-cachesquid
3.3.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye (security)
4.13-10+deb11u3
fixed
bullseye
4.13-10+deb11u3
fixed
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid
raring
dne
quantal
dne
precise
dne
oneiric
not-affected
lucid
Fixed 2.7.STABLE7-1ubuntu12.6
released
hardy
ignored
squid3
raring
Fixed 3.1.20-1ubuntu2
released
quantal
Fixed 3.1.20-1ubuntu1.1
released
precise
Fixed 3.1.19-1ubuntu3.12.04.2
released
oneiric
Fixed 3.1.14-1ubuntu0.3
released
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
http://openwall.com/lists/oss-security/2012/12/17/4
http://rhn.redhat.com/errata/RHSA-2013-0505.html
http://secunia.com/advisories/52024
http://secunia.com/advisories/54839
http://ubuntu.com/usn/usn-1713-1
http://www.debian.org/security/2013/dsa-2631
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
http://www.securitytracker.com/id?1027890
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
https://bugs.gentoo.org/show_bug.cgi?id=447596
https://bugzilla.redhat.com/show_bug.cgi?id=887962
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
http://openwall.com/lists/oss-security/2012/12/17/4
http://rhn.redhat.com/errata/RHSA-2013-0505.html
http://secunia.com/advisories/52024
http://secunia.com/advisories/54839
http://ubuntu.com/usn/usn-1713-1
http://www.debian.org/security/2013/dsa-2631
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
http://www.securitytracker.com/id?1027890
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
https://bugs.gentoo.org/show_bug.cgi?id=447596
https://bugzilla.redhat.com/show_bug.cgi?id=887962
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368