Lucene search

K
cveRedhatCVE-2008-1612
HistoryApr 01, 2008 - 5:44 p.m.

CVE-2008-1612

2008-04-0117:44:00
CWE-20
redhat
web.nvd.nist.gov
56
security
vulnerability
squid
denial of service
cve-2008-1612
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.423

Percentile

97.4%

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Affected configurations

Nvd
Node
squidsquidMatch2.6.stable17
VendorProductVersionCPE
squidsquid2.6.stable17cpe:2.3:a:squid:squid:2.6.stable17:*:*:*:*:*:*:*

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.423

Percentile

97.4%