Out-of-Bounds Affecting trafficserver package, versions <3.0.4-1
Threat Intelligence
EPSS
0.73% (82nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-TRAFFICSERVER-337487
- published 26 Mar 2012
- disclosed 26 Mar 2012
Introduced: 26 Mar 2012
CVE-2012-0256 Open this link in a new tabHow to fix?
Upgrade Debian:unstable trafficserver to version 3.0.4-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream trafficserver package and not the trafficserver package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
References
- https://security-tracker.debian.org/tracker/CVE-2012-0256
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html
- https://www.cert.fi/en/reports/2012/vulnerability612884.html
- http://trafficserver.apache.org/downloads
- http://seclists.org/fulldisclosure/2012/Mar/260
- http://www.securityfocus.com/bid/52696
- http://www.securitytracker.com/id?1026847
CVSS Scores
version 3.1