5
CVE-2009-2855
- EPSS 36.73%
- Veröffentlicht 18.08.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:10:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cache ≫ Squid Version2.7
Squid-cache ≫ Squid Version2.7 Updatestable3
Squid-cache ≫ Squid Version2.7 Updatestable4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.73% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982
http://www.openwall.com/lists/oss-security/2009/07/20/10
http://www.openwall.com/lists/oss-security/2009/08/03/3
http://www.openwall.com/lists/oss-security/2009/08/04/6
http://www.securityfocus.com/bid/36091
http://www.securitytracker.com/id?1022757
http://www.squid-cache.org/bugs/show_bug.cgi?id=2541
http://www.squid-cache.org/bugs/show_bug.cgi?id=2704
https://bugzilla.redhat.com/show_bug.cgi?id=518182
https://exchange.xforce.ibmcloud.com/vulnerabilities/52610
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592