DSA-2630-1 squid3 -- denial of serviceID: oval:org.secpod.oval:def:600973 | Date: (C)2013-02-26 (M)2023-02-20 |
Class: PATCH | Family: unix |
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: CVE-2012-5643 squid"s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. CVE-2013-0189 The original patch for CVE-2012-5643 was incomplete. A remote attacker still could exploit this flaw to perform a denial of service attack.