CVE-2013-6048
Published: 13 December 2013
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
Priority
Status
Package | Release | Status |
---|---|---|
munin Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(1.4.6-3ubuntu3.4)
|
|
quantal |
Released
(2.0.2-1ubuntu2.3)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(2.0.17-2ubuntu1.1)
|
|
upstream |
Released
(2.0.18-1)
|
|
Patches: upstream: https://github.com/munin-monitoring/munin/commit/40b5694727dfae6a56fb8989ab6fff14840ac254 upstream: https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99 |