CVE-2013-0189 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

72.2%

top 1.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Canonical Ubuntu Linux Squid-cache Squid

Timeline

PublishedFeb 8

Latest updateMay 5

Description

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid/squid< 2.7.STABLE9-2+3

▶NVDsquid-cache/squid59 versions+58

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: lists.fedoraproject.org ↗Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-rrh8-h9v8-p8vr: cachemgr↗2022-05-05

▶

OSV

CVE-2013-0189: cachemgr↗2013-02-08

▶

CVEList

CVE-2013-0189: cachemgr↗2013-02-08

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2013-01-31

▶

Red Hat

squid: Incomplete fix for the CVE-2012-5643 issue↗2013-01-01

▶

Debian

CVE-2013-0189: squid - cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other version...↗2013

▶

💬Community

Bugzilla

CVE-2013-0189 squid: Incomplete fix for the CVE-2012-5643 issue [fedora-all]↗2013-01-16

▶

Bugzilla

CVE-2013-0189 squid: Incomplete fix for the CVE-2012-5643 issue↗2013-01-16

▶