CVE-2009-2621

EPSS 23.56%
Veröffentlicht 28.07.2009 17:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version3.0 Editionpre1

Squid-cache ≫ Squid Version3.0 Editionpre2

Squid-cache ≫ Squid Version3.0 Editionpre3

Squid-cache ≫ Squid Version3.0 Editionpre4

Squid-cache ≫ Squid Version3.0 Editionpre5

Squid-cache ≫ Squid Version3.0 Editionpre6

Squid-cache ≫ Squid Version3.0 Editionpre7

Squid-cache ≫ Squid Version3.0 Editionstable1

Squid-cache ≫ Squid Version3.0 Editionstable10

Squid-cache ≫ Squid Version3.0 Editionstable11

Squid-cache ≫ Squid Version3.0 Editionstable12

Squid-cache ≫ Squid Version3.0 Editionstable13

Squid-cache ≫ Squid Version3.0 Editionstable14

Squid-cache ≫ Squid Version3.0 Editionstable15

Squid-cache ≫ Squid Version3.0 Editionstable2

Squid-cache ≫ Squid Version3.0 Editionstable3

Squid-cache ≫ Squid Version3.0 Editionstable4

Squid-cache ≫ Squid Version3.0 Editionstable5

Squid-cache ≫ Squid Version3.0 Editionstable6

Squid-cache ≫ Squid Version3.0 Editionstable7

Squid-cache ≫ Squid Version3.0 Editionstable8

Squid-cache ≫ Squid Version3.0 Editionstable9

Squid-cache ≫ Squid Version3.0 Updaterc1 Editionstable11

Squid-cache ≫ Squid Version3.0 Updaterc4

Squid-cache ≫ Squid Version3.1

Squid-cache ≫ Squid Version3.1.0.1

Squid-cache ≫ Squid Version3.1.0.2

Squid-cache ≫ Squid Version3.1.0.3

Squid-cache ≫ Squid Version3.1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.56%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/36007

http://www.mandriva.com/security/advisories?name=MDVSA-2009:161

http://www.mandriva.com/security/advisories?name=MDVSA-2009:178

http://www.securityfocus.com/bid/35812

http://www.securitytracker.com/id?1022607

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

Vendor Advisory

http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch

Patch

http://www.vupen.com/english/advisories/2009/2013

https://nvd.nist.gov/vuln/detail/CVE-2009-2621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2621

EUVD