CVE-2013-6048 - Vulnerability Details - OpenCVE

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Munin-monitoring	Munin

Configuration 1 [-]

OR	cpe:2.3:a:munin-monitoring:munin::::::::
	cpe:2.3:a:munin-monitoring:munin:2.0.0:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.1:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.2:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.3:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.4:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.5:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.6:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.7:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.8:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.9:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.10:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.11:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.11.1:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.12:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.13:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.14:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.15:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.16:::::::*

No data.

References

Link	Providers
http://www.debian.org/security/2013/dsa-2815
http://www.ubuntu.com/usn/USN-2090-1
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog
https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-13T17:00:00

Updated: 2024-08-06T17:29:42.989Z

Reserved: 2013-10-08T00:00:00

Link: CVE-2013-6048

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-13T18:55:04.897

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-6048

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-25T14:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-2815", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2815"}, {"name": "USN-2090-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2090-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6048", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2815", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2815"}, {"name": "USN-2090-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2090-1"}, {"name": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"}, {"name": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99", "refsource": "CONFIRM", "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:42.989Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2815", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2815"}, {"name": "USN-2090-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2090-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6048", "datePublished": "2013-12-13T17:00:00", "dateReserved": "2013-10-08T00:00:00", "dateUpdated": "2024-08-06T17:29:42.989Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FC49B-D915-4401-86C8-A29E6DF73B86", "versionEndIncluding": "2.0.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBEFB6B1-7A5F-4C37-8C84-BF92A024A840", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "16EFB096-6739-4952-B921-1CD83E8140F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA938C8-06F1-4DD7-B26A-4219DDCF8375", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9358CF9C-02BC-4651-B042-DB1EF0904096", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "72690B15-9008-4C76-B936-7A6C6835DF19", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "246B65EE-DAC0-4EAD-A728-590B17962686", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D24E159F-50F0-48F6-AEB3-4BA06E614B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B148B08A-4CCB-4C14-9451-23676D5BACBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "58DE6682-5972-4A4B-A303-88ECDA7916A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "AEBA7B70-5BDA-416A-A956-BB15DECA73DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "31E38F7C-E437-4EBA-BA75-535AF49236C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "13C2D88B-89DE-4C31-8220-E25BF6E2B493", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B90B16A-FFC3-4A8B-8D55-424BD501CA0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F5F9386B-1A22-4224-B7AA-5DDCA7A89345", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "EAE378DC-E203-4F73-A47F-2801DFEE7230", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D5FEDF63-4C25-454D-90FC-915267A2B7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "6CABE714-C2CB-43FB-B44A-4C0E80604DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "751D7615-6ED5-49BC-BBF7-867388B67DE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."}, {"lang": "es", "value": "La funci\u00f3n get_group_tree en lib/Munin/Master/HTMLConfig.pm en Munin anterior a 2.0.18 permite a nodos remotos provocar una denegaci\u00f3n de servicio (bucle infinito y el consumo de memoria en el proceso Munin-html) a trav\u00e9s de datos multigrafo artesanales."}], "id": "CVE-2013-6048", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-13T18:55:04.897", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2815"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2090-1"}, {"source": "cve@mitre.org", "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2090-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}