Squid's ICAP implementation lacks a defer check when reading from ICAP server

Type securityvulns
Reporter Securityvulns
Modified 2007-12-12T00:00:00


Squid's ICAP implementation does not check the mem-store size before reading from an ICAP server. If the user does not confirm the browser's download message box, Squid keeps reading data from the ICAP server into the memory store while no more data can be delivered to the client. The memory store therefore keeps growing, and Squid may, in the worst case, consume memory up to the size of the user's download. Details and a patch can be found on

--
Martin Huter
Unit Manager
phion AG
Eduard-Bodem-Gasse 1
A-6020 Innsbruck

Tel: +43 (0) 508 100
Fax: +43 (0) 508 100 20
Mail: m.huter@phion.com
Web: http://www.phion.com
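The effect of the missing defer check can be seen in a small model. This is an added example, not Squid code and not the patch referred to above; `mem_obj`, `should_defer`, `simulate`, `CHUNK` and `GAP_LIMIT` are hypothetical names and constructed values. It compares peak buffered memory when a client stalls, with and without a check on undelivered bytes before each read from the ICAP server.

```c
#include <stddef.h>
#include <stdio.h>

#define CHUNK     4096u           /* bytes per read from the ICAP server (constructed) */
#define GAP_LIMIT (16u * 1024u)   /* hypothetical cap on undelivered bytes kept in memory */

/* Hypothetical model of one response object in the memory store. */
struct mem_obj {
    size_t stored;     /* bytes read from the ICAP server so far */
    size_t delivered;  /* bytes the client has accepted so far */
};

/* The defer check: nonzero means "do not read from the ICAP server yet". */
static int should_defer(const struct mem_obj *m)
{
    return m->stored - m->delivered >= GAP_LIMIT;
}

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* The client accepts data for the first `active_ticks` iterations, then stalls
 * (download dialog left unconfirmed). Returns the peak undelivered bytes held. */
size_t simulate(size_t total, unsigned active_ticks, int defer_check, unsigned max_ticks)
{
    struct mem_obj m = {0, 0};
    size_t peak = 0;

    for (unsigned tick = 0; tick < max_ticks && m.delivered < total; tick++) {
        /* Server side: read the next chunk unless the defer check says wait. */
        if (m.stored < total && !(defer_check && should_defer(&m)))
            m.stored += min_sz(total - m.stored, CHUNK);
        /* Client side: drains one chunk per tick only while it is active. */
        if (tick < active_ticks)
            m.delivered += min_sz(m.stored - m.delivered, CHUNK);
        if (m.stored - m.delivered > peak)
            peak = m.stored - m.delivered;
    }
    return peak;
}

int main(void)
{
    size_t total = 64u * 1024u * 1024u;  /* constructed 64 MiB download */
    printf("no defer check: peak %zu bytes\n", simulate(total, 8, 0, 100000));
    printf("defer check:    peak %zu bytes\n", simulate(total, 8, 1, 100000));
    return 0;
}
```

Without the check, the peak tracks the download size; with it, the peak stays at the configured limit regardless of how large the download is.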