CVE-2009-2855

EPSS 60.66%
Veröffentlicht 18.08.2009 21:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version2.7

Squid-cache ≫ Squid Version2.7 Updatestable3

Squid-cache ≫ Squid Version2.7 Updatestable4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	60.66%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982

http://www.openwall.com/lists/oss-security/2009/07/20/10

http://www.openwall.com/lists/oss-security/2009/08/03/3

http://www.openwall.com/lists/oss-security/2009/08/04/6

http://www.securityfocus.com/bid/36091

http://www.securitytracker.com/id?1022757

http://www.squid-cache.org/bugs/show_bug.cgi?id=2541

http://www.squid-cache.org/bugs/show_bug.cgi?id=2704

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=518182

https://exchange.xforce.ibmcloud.com/vulnerabilities/52610

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592

https://nvd.nist.gov/vuln/detail/CVE-2009-2855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2855

EUVD