CVE-2012-5643Improper Input Validation in Squid

CWE-20Improper Input ValidationCWE-401Missing Release of Memory after Effective Lifetime12 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
33.2%
top 3.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SquidSquid-cache Squid
Timeline
PublishedDec 20
Latest updateMay 17

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiansquid/squid< 2.7.STABLE9-2+3
NVDsquid-cache/squid90 versions+89

Patches

Patch: www.squid-cache.orgPatch: www.squid-cache.orgPatch: www.squid-cache.org

🔴Vulnerability Details

3
GHSA
GHSA-pq8w-rcmc-8xgj: Multiple memory leaks in tools/cachemgr2022-05-17
CVEList
CVE-2012-5643: Multiple memory leaks in tools/cachemgr2012-12-20
OSV
CVE-2012-5643: Multiple memory leaks in tools/cachemgr2012-12-20

📋Vendor Advisories

4
Ubuntu
Squid vulnerabilities2013-01-31
Red Hat
squid: Incomplete fix for the CVE-2012-5643 issue2013-01-01
Red Hat
squid: cachemgr.cgi memory usage DoS and memory leaks2012-12-17
Debian
CVE-2012-5643: squid - Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x ...2012

💬Community

4
Bugzilla
CVE-2013-0189 squid: Incomplete fix for the CVE-2012-5643 issue [fedora-all]2013-01-16
Bugzilla
CVE-2013-0189 squid: Incomplete fix for the CVE-2012-5643 issue2013-01-16
Bugzilla
CVE-2012-5643 squid: cachemgr.cgi memory usage DoS and memory leaks2012-12-17
Bugzilla
CVE-2012-5643 squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks [fedora-16]2012-12-17
CVE-2012-5643 — Improper Input Validation in Squid | cvebase