CVE-2013-6048
Published 2013-12-13
Priority P4 · 23 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.50% (82.7th percentile)
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | munin | < munin 2.0.18-1 (bookworm) | munin 2.0.18-1 (bookworm) |
| munin-monitoring | munin | <= 2.0.17 | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | >= 0 < 2.0.18-1 | 2.0.18-1 |
CVSS provenance
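| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |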
Ubuntu
Munin vulnerabilities
vendor_ubuntu·2014-01-27·CVSS 5.0
CVE-2013-6048 [MEDIUM] Munin vulnerabilities
Title: Munin vulnerabilities
Summary: Several security issues were fixed in Munin.
Christoph Biedl discovered that Munin incorrectly handled certain
multigraph data. A remote attacker could use this issue to cause Munin to
consume resources, resulting in a denial of service. (CVE-2013-6048)
Christoph Biedl discovered that Munin incorrectly handled certain
multigraph service names. A remote attacker could use this issue to cause
Munin to stop data collection, resulting in a denial of service.
(CVE-2013-6359)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2013-6048: munin - The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2....
vendor_debian·2013·CVSS 5.0
CVE-2013-6048 [MEDIUM] CVE-2013-6048: munin - The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2....
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
Scope: local
bookworm: resolved (fixed in 2.0.18-1)
bullseye: resolved (fixed in 2.0.18-1)
forky: resolved (fixed in 2.0.18-1)
sid: resolved (fixed in 2.0.18-1)
trixie: resolved (fixed in 2.0.18-1)
GHSA
GHSA-mv2m-5r86-9xcj: The get_group_tree function in lib/Munin/Master/HTMLConfig
ghsa_unreviewed·2022-05-17
CVE-2013-6048 [MEDIUM] CWE-20 GHSA-mv2m-5r86-9xcj: The get_group_tree function in lib/Munin/Master/HTMLConfig
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
OSV
CVE-2013-6048: The get_group_tree function in lib/Munin/Master/HTMLConfig
osv·2013-12-13·CVSS 5.0
CVE-2013-6048 [MEDIUM] CVE-2013-6048: The get_group_tree function in lib/Munin/Master/HTMLConfig
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18
bugzilla·2013-12-04·CVSS 5.0
CVE-2013-6048 [MEDIUM] CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18
Christoph Biedl reported that Munin 2.0.18 fixes two denial of service flaws:
* CVE-2013-6048, a node could cause excessive memory consumption on the Munin master.
* CVE-2013-6359, a malicious plug-in could prevent data collection for the node.
References:
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog
Discussion:
Created munin tracking bugs for this issue:
Affects: fedora-all [bug 1037889]
Affects: epel-all [bug 1037890]
---
Package munin-2.0.19-1:
* should fix your issue,
* was pushed to the Fedora + EPEL testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing munin-2.0.19-1'
as soon as you are a
Bugzilla
CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 [epel-all]
bugzilla·2013-12-04·CVSS 5.0
CVE-2013-6048 [MEDIUM] CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please not
Bugzilla
CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 [fedora-all]
bugzilla·2013-12-04·CVSS 5.0
CVE-2013-6048 [MEDIUM] CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note:
http://www.debian.org/security/2013/dsa-2815
http://www.ubuntu.com/usn/USN-2090-1
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog
https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99
Published: 2013-12-13