PT-2010-2391 · Squid+1 · Squid+2
Kieran Whitbread · Published 2010-02-15 · Updated 2012-01-27 · CVE-2010-0639
CVSS v2.0
5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Squid versions 2.x prior to 2.6.STABLE24
Squid versions 2.7 prior to 2.7.STABLE8
Squid versions 3.0 prior to 3.0.STABLE24
Description
Remote attackers can cause a denial of service by sending crafted packets to the HTCP port: a NULL pointer dereference crashes the daemon.
Recommendations
For Squid versions 2.x prior to 2.6.STABLE24, update to version 2.6.STABLE24 or later.
For Squid versions 2.7 prior to 2.7.STABLE8, update to version 2.7.STABLE8 or later.
For Squid versions 3.0 prior to 3.0.STABLE24, update to version 3.0.STABLE24 or later.
Fix
Related Identifiers
Affected Products
Squid
Squid Cache
Suse