Buffer overflow in Squid-cache Squid

CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012…

Vulnerability class: Buffer Overflow

EPSS: 0.697 (98.7th percentile) — read the EPSS interpretation.

Affected products

Squid-cache Squid — versions 3.1, 3.1.0.1, 3.1.0.2
Canonical Ubuntu_linux — versions 10.04, 11.10, 12.04
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (Patch, x_refsource_MISC)
DSA-2631 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2013:129 (vendor-advisory, x_refsource_MANDRIVA)
USN-1713-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
SUSE-SU-2016:1996 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_MISC)
openSUSE-SU-2013:1443 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (Patch, x_refsource_MISC)