7.5

CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

Data is provided by the National Vulnerability Database (NVD)
Squid-cacheSquid Version2.5.stable1
Squid-cacheSquid Version2.5.stable2
Squid-cacheSquid Version2.5.stable3
Squid-cacheSquid Version2.5.stable4
Squid-cacheSquid Version2.5.stable5
Squid-cacheSquid Version2.5.stable6
DebianDebian Linux Version3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 41.52% 0.973
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.redhat.com/support/errata/RHSA-2005-060.html
Third Party Advisory
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-061.html
Third Party Advisory
Not Applicable
http://securitytracker.com/id?1013045
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/886006
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/12432
Third Party Advisory
VDB Entry