CVE-2012-5643

Metadata

medium
5.0
squid, squid3
CVE-2012-5643
cve.mitre.org, openwall.com, squid-cache.org, ubuntu.com, bugs.debian.org
2012-12-20
2017-06-16 19:01
Moderate CentOS squid Update
CVE-2012-5643 squid
CVE-2012-5643 squid3
2017-06-14 23:56
2017-04-01 20:16
2017-01-05 18:40

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
devel squid3 3.1.20-1ubuntu2
lucid squid 2.7.STABLE7-1ubuntu12.6
oneiric squid3 3.1.14-1ubuntu0.3
precise squid3 3.1.19-1ubuntu3.12.04.2
quantal squid3 3.1.20-1ubuntu1.1
raring squid3 3.1.20-1ubuntu2
upstream squid 3.2.4,3.3.0.2
squid3 3.2.4,3.3.0.2

Unaffected

Release Package Reason
hardy squid ignored
squid3 ignored
oneiric squid not-affected
precise squid DNE
quantal squid DNE
raring squid DNE
devel squid DNE
lucid squid3 ignored