4.3

CVE-2008-1612

Exploit
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error.  NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Version2.6.stable17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/34467
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
Patch
http://marc.info/?l=squid-announce&m=120614453813157&w=2
http://secunia.com/advisories/27477
http://secunia.com/advisories/29813
http://secunia.com/advisories/30032
http://secunia.com/advisories/32109
http://www.debian.org/security/2008/dsa-1646
http://www.mandriva.com/security/advisories?name=MDVSA-2008:134
http://www.openwall.com/lists/oss-security/2008/04/01/5
http://www.redhat.com/support/errata/RHSA-2008-0214.html
http://www.securityfocus.com/bid/28693
http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch
Exploit
http://www.ubuntu.com/usn/usn-601-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/41586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html