CVE-2013-6048

Public on 2013-12-13

Modified on 2014-09-18

Description

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.

Severity

Medium

See what this means

CVSS v3 Base Score

5.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	munin	2014-01-14	ALAS-2014-275
Amazon Linux 1	munin	2014-06-03	ALAS-2014-348

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2013-6048 Mitre: CVE-2013-6048