CVE-2013-6048
munin - denial of service
EPSS 0.54%
Description
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
How to fix CVE-2013-6048
To remediate CVE-2013-6048, upgrade the affected package to a fixed version below.
- Debian/munin—upgrade to 2.0.18-1 or later
- Debian/munin—upgrade to 2.0.6-4+deb7u2 or later
Is CVE-2013-6048 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.0.18-1
- from 0, < 2.0.6-4+deb7u2