CVE-2012-2147Munin vulnerability

CWE-3995 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Munin-monitoring MuninDebian Munin
Timeline
PublishedAug 26
Latest updateMay 17

Description

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/munin< munin 2.0~rc6-1 (bookworm)
Debianmunin-monitoring/munin< 2.0~rc6-1+3

🔴Vulnerability Details

2
GHSA
GHSA-8h28-5hcj-h4qw: munin-cgi-graph in Munin 22022-05-17
OSV
CVE-2012-2147: munin-cgi-graph in Munin 22012-08-26

📋Vendor Advisories

1
Debian
CVE-2012-2147: munin - munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of se...2012

💬Community

1
Bugzilla
CVE-2012-2147 munin: DoS (excessive memory / storage usage) via crafted image dimensions present in query string2012-04-30