squidGuard 1.4 Denial Of Service

We're using squidGuard 1.4 and discovered a possible denial of service. When a user is accessing a very long URL, a internal buffer is too small and squidguard is entering emergency mode. In this mode, no blocking is done anymore. The URL for reference:...

Buffer overflow

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service application hang or loss of blocking functionality via a long URL with many / slash characters, related to "emergency mode."...

CVE-2009-3826

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to 1 the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and 2 a redirect URL that contains information about the originally...

CVE-2009-3700

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service application hang or loss of blocking functionality via a long URL with many / slash characters, related to "emergency mode."...