4.3
CVE-2008-1612
- EPSS 2.18%
- Veröffentlicht 01.04.2008 17:44:00
- Zuletzt bearbeitet 16.06.2026 22:52:05
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.802 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/34467
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
http://marc.info/?l=squid-announce&m=120614453813157&w=2
http://secunia.com/advisories/27477
http://secunia.com/advisories/29813
http://secunia.com/advisories/30032
http://secunia.com/advisories/32109
http://www.debian.org/security/2008/dsa-1646
http://www.mandriva.com/security/advisories?name=MDVSA-2008:134
http://www.openwall.com/lists/oss-security/2008/04/01/5
http://www.redhat.com/support/errata/RHSA-2008-0214.html
http://www.securityfocus.com/bid/28693
http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch
http://www.ubuntu.com/usn/usn-601-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/41586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html