5

CVE-2004-2654

EPSS 0.51%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference.  NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Squid ≫ Squid Version2.5_stable5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.636

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://secunia.com/advisories/12508

Vendor Advisory

http://secunia.com/advisories/12754

Patch

Vendor Advisory

http://securitytracker.com/id?1011214

http://www.attrition.org/pipermail/vim/2006-February/000570.html

http://www.osvdb.org/9801

http://www.securitylab.ru/47881.html

http://www.squid-cache.org/bugs/show_bug.cgi?id=972

https://nvd.nist.gov/vuln/detail/CVE-2004-2654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2654

EUVD