PT-2009-5959 · Squidguard · Squidguard

Publicado

2009-10-28

Atualizado

2024-06-15

CVE-2009-3700

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions squidGuard versions 1.3 through 1.4

Description The issue is related to a buffer overflow in the sgLog.c file, which can be triggered by remote attackers sending a long URL containing many / (slash) characters. This can cause the application to hang or lose its blocking functionality, particularly when it enters "emergency mode."

Recommendations For squidGuard versions 1.3 through 1.4, consider restricting access to long URLs or limiting the number of / (slash) characters allowed in URLs as a temporary workaround until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2009-3700

DSA-2040-1

OPENSUSE-SU-2024:10562-1

Produtos afetados

Squidguard

PT-2009-5959 · Squidguard · Squidguard

CVE-2009-3700

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19