PT-2010-2099 · Squid+1 · Squid+2
Tomas Hoger
·
Publicado
2010-02-03
·
Atualizado
2017-09-19
·
CVE-2010-0308
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Squid versions 2.x, 3.0 through 3.0.STABLE22, 3.1 through 3.1.0.15
Description
The issue allows remote attackers to cause a denial of service via a crafted DNS packet that only contains a header, leading to an assertion failure in the lib/rfc1035.c file.
Recommendations
For Squid versions 2.x, update to a version outside of the affected range to resolve the issue.
For Squid versions 3.0 through 3.0.STABLE22, update to a version outside of the affected range to resolve the issue.
For Squid versions 3.1 through 3.1.0.15, update to a version outside of the affected range to resolve the issue.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat
Squid
Squid Cache