5

CVE-2004-2654

EPSS 0.51%
Veröffentlicht 31.12.2004 05:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference.  NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid ≫ Squid Version2.5_stable5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.636

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/12508

Vendor Advisory

http://secunia.com/advisories/12754

Patch

Vendor Advisory

http://securitytracker.com/id?1011214

http://www.attrition.org/pipermail/vim/2006-February/000570.html

http://www.osvdb.org/9801

http://www.securitylab.ru/47881.html

http://www.squid-cache.org/bugs/show_bug.cgi?id=972

https://nvd.nist.gov/vuln/detail/CVE-2004-2654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2654

EUVD