CVE-2002-0068

Name of the Vulnerable Software and Affected Versions Squid versions 2.4 STABLE3 and earlier

Description The issue allows remote attackers to cause a denial of service, potentially leading to a core dump, and may also enable the execution of arbitrary code. This can be achieved by using an ftp:// URL that contains a large number of special characters. When Squid attempts to URL-escape these characters, the buffer can be exceeded.

Recommendations For Squid versions 2.4 STABLE3 and earlier, consider restricting access to ftp:// URLs or limiting the number of special characters allowed in URLs as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.