CVE-2013-6048

Name of the Vulnerable Software and Affected Versions Munin versions prior to 2.0.18

Description The issue allows remote nodes to cause a denial of service, resulting in an infinite loop and memory consumption in the munin-html process. This is achieved via crafted multigraph data sent to the get group tree function. Multiple vulnerabilities in the Munin package of the Debian GNU/Linux operating system can lead to a disruption in the availability of protected information, and exploitation can be carried out remotely.

Recommendations For versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the get group tree function in lib/Munin/Master/HTMLConfig.pm to minimize the risk of exploitation.