PT-2007-7534 · Squid · Squid+1

Erick Dantas Rotole

Published

1970-01-01

Updated

2017-07-29

CVE-2007-0248

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Squid versions prior to 2.6.STABLE7

Description The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in the availability of protected information. This can be achieved by overloading the external acl queue, which triggers an infinite loop in the aclMatchExternal function. The exploitation of this issue can be done remotely.

Recommendations For Squid versions prior to 2.6.STABLE7, update to version 2.6.STABLE7 or later to resolve the issue. As a temporary workaround, consider restricting access to the aclMatchExternal function to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-04631

BDU:2015-04955

CVE-2007-0248

Affected Products

Squid

Squid Cache

PT-2007-7534 · Squid · Squid+1

CVE-2007-0248

Weakness Enumeration

Related Identifiers

Affected Products

References · 22