Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pq9r-bdfx-vqb8

Summary Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Aliases

alias	CVE-2012-5643

Fixed_packages

url	pkg:deb/debian/squid@2.7.STABLE9-2?distro=trixie
purl	pkg:deb/debian/squid@2.7.STABLE9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE9-2%3Fdistro=trixie

url pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tpw-u7cg-hqd7

vulnerability	VCID-7sua-wuyu-cqby

vulnerability	VCID-pshb-b8z8-gqhm

vulnerability	VCID-qyjc-znbd-dub6

vulnerability	VCID-rv56-tjvg-bbbc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tpw-u7cg-hqd7

vulnerability	VCID-7sua-wuyu-cqby

vulnerability	VCID-pshb-b8z8-gqhm

vulnerability	VCID-qyjc-znbd-dub6

vulnerability	VCID-rv56-tjvg-bbbc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tpw-u7cg-hqd7

vulnerability	VCID-pshb-b8z8-gqhm

vulnerability	VCID-qyjc-znbd-dub6

vulnerability	VCID-rv56-tjvg-bbbc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/squid@7.5-1?distro=trixie
purl	pkg:deb/debian/squid@7.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie

url	pkg:ebuild/net-proxy/squid@3.2.13
purl	pkg:ebuild/net-proxy/squid@3.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-proxy/squid@3.2.13

Affected_packages

url pkg:rpm/redhat/squid@7:3.1.10-16?arch=el6

purl pkg:rpm/redhat/squid@7:3.1.10-16?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pq9r-bdfx-vqb8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/squid@7:3.1.10-16%3Farch=el6

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5643.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5643.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5643

reference_id

reference_type

scores

value	0.33163
scoring_system	epss
scoring_elements	0.96996
published_at	2026-06-04T12:55:00Z

value	0.33163
scoring_system	epss
scoring_elements	0.97
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5643

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=887962
reference_id	887962
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=887962

reference_url	https://security.gentoo.org/glsa/201309-22
reference_id	GLSA-201309-22
reference_type
scores
url	https://security.gentoo.org/glsa/201309-22

reference_url	https://access.redhat.com/errata/RHSA-2013:0505
reference_id	RHSA-2013:0505
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0505

reference_url	https://usn.ubuntu.com/1713-1/
reference_id	USN-1713-1
reference_type
scores
url	https://usn.ubuntu.com/1713-1/

Weaknesses

cwe_id	401
name	Missing Release of Memory after Effective Lifetime
description	The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.3

Risk_score 0.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq9r-bdfx-vqb8

Vulnerability Instance