Lucene search

[email protected]NVD:CVE-2009-2621

HistoryJul 28, 2009 - 5:30 p.m.

CVE-2009-2621

2009-07-2817:30:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.095

Percentile

94.8%

JSON

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce “buffer limits and related bound checks,” which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Affected configurations

Nvd

Node

squid-cachesquidMatch3.0pre1

squid-cachesquidMatch3.0pre2

squid-cachesquidMatch3.0pre3

squid-cachesquidMatch3.0pre4

squid-cachesquidMatch3.0pre5

squid-cachesquidMatch3.0pre6

squid-cachesquidMatch3.0pre7

squid-cachesquidMatch3.0stable1

squid-cachesquidMatch3.0stable10

squid-cachesquidMatch3.0stable11

squid-cachesquidMatch3.0stable12

squid-cachesquidMatch3.0stable13

squid-cachesquidMatch3.0stable14

squid-cachesquidMatch3.0stable15

squid-cachesquidMatch3.0stable2

squid-cachesquidMatch3.0stable3

squid-cachesquidMatch3.0stable4

squid-cachesquidMatch3.0stable5

squid-cachesquidMatch3.0stable6

squid-cachesquidMatch3.0stable7

squid-cachesquidMatch3.0stable8

squid-cachesquidMatch3.0stable9

squid-cachesquidMatch3.0rc1stable11

squid-cachesquidMatch3.0rc4

squid-cachesquidMatch3.1

squid-cachesquidMatch3.1.0.1

squid-cachesquidMatch3.1.0.2

squid-cachesquidMatch3.1.0.3

squid-cachesquidMatch3.1.0.4

VendorProductVersionCPE
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*
squid-cachesquid3.0cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*

Vendor	Product	Version	CPE
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre1:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre2:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre3:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre4:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre5:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre6:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::pre7:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::stable1:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::stable10:::::
squid-cache	squid	3.0	cpe:2.3:a:squid-cache:squid:3.0::stable11:::::