FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-5643

This CVE name corresponds to:

Entered Topic
2012-12-28 squid -- denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-5643
Phase Assigned (20121024)

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

References

Source Reference
MLIST [oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks
CONFIRM http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
CONFIRM http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
CONFIRM http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=447596
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=887962
CONFIRM https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
DEBIAN DSA-2631
MANDRIVA MDVSA-2013:129
REDHAT RHSA-2013:0505
SUSE openSUSE-SU-2013:0162
SUSE openSUSE-SU-2013:0186
SUSE openSUSE-SU-2013:1436
SUSE openSUSE-SU-2013:1443
UBUNTU USN-1713-1
SECTRACK 1027890
SECUNIA 52024
SECUNIA 54839