CVE-2012-5643
squid3 - denial of service
EPSS 33.2%
Description
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
How to fix CVE-2012-5643
To remediate CVE-2012-5643, upgrade the affected package to a fixed version below.
- Debian/squid—upgrade to 2.7.STABLE9-2 or later
- Debian/squid3—upgrade to 3.1.6-1.2+squeeze3 or later
Is CVE-2012-5643 being exploited?
Moderate — EPSS is 33.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.7.STABLE9-2
- from 0, < 3.1.6-1.2+squeeze3