CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
94.8%
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly
enforce “buffer limits and related bound checks,” which allows remote
attackers to cause a denial of service via (1) an incomplete request or (2)
a request with a large header size, related to (a) HttpMsg.cc and (b)
client_side.cc.