CVE-2010-0308

EPSS 16.82%
Veröffentlicht 03.02.2010 18:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version2.0

Squid-cache ≫ Squid Version2.1

Squid-cache ≫ Squid Version2.2

Squid-cache ≫ Squid Version2.3

Squid-cache ≫ Squid Version2.4

Squid-cache ≫ Squid Version2.5

Squid-cache ≫ Squid Version2.6

Squid-cache ≫ Squid Version2.7

Squid-cache ≫ Squid Version3.0

Squid-cache ≫ Squid Version3.0.stable1

Squid-cache ≫ Squid Version3.0.stable2

Squid-cache ≫ Squid Version3.0.stable3

Squid-cache ≫ Squid Version3.0.stable4

Squid-cache ≫ Squid Version3.0.stable5

Squid-cache ≫ Squid Version3.0.stable6

Squid-cache ≫ Squid Version3.0.stable7

Squid-cache ≫ Squid Version3.0.stable8

Squid-cache ≫ Squid Version3.0.stable9

Squid-cache ≫ Squid Version3.0.stable11

Squid-cache ≫ Squid Version3.0.stable12

Squid-cache ≫ Squid Version3.0.stable13

Squid-cache ≫ Squid Version3.0.stable14

Squid-cache ≫ Squid Version3.0.stable15

Squid-cache ≫ Squid Version3.0.stable16

Squid-cache ≫ Squid Version3.0.stable17

Squid-cache ≫ Squid Version3.0.stable18

Squid-cache ≫ Squid Version3.0.stable19

Squid-cache ≫ Squid Version3.0.stable20

Squid-cache ≫ Squid Version3.0.stable21

Squid-cache ≫ Squid Version3.0.stable22

Squid-cache ≫ Squid Version3.1

Squid-cache ≫ Squid Version3.1.0.1

Squid-cache ≫ Squid Version3.1.0.2

Squid-cache ≫ Squid Version3.1.0.3

Squid-cache ≫ Squid Version3.1.0.4

Squid-cache ≫ Squid Version3.1.0.5

Squid-cache ≫ Squid Version3.1.0.6

Squid-cache ≫ Squid Version3.1.0.7

Squid-cache ≫ Squid Version3.1.0.8

Squid-cache ≫ Squid Version3.1.0.9

Squid-cache ≫ Squid Version3.1.0.10

Squid-cache ≫ Squid Version3.1.0.11

Squid-cache ≫ Squid Version3.1.0.12

Squid-cache ≫ Squid Version3.1.0.13

Squid-cache ≫ Squid Version3.1.0.14

Squid-cache ≫ Squid Version3.1.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.82%	0.947

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf

http://osvdb.org/62044

http://secunia.com/advisories/38451

Vendor Advisory

http://secunia.com/advisories/38455

Vendor Advisory

http://www.securityfocus.com/bid/37522

http://www.securitytracker.com/id?1023520

http://www.squid-cache.org/Advisories/SQUID-2010_1.txt

Vendor Advisory

http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch