CVE-2004-0918 — Squid vulnerability

CWE-3999 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

68.7%

top 1.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Openpkg Redhat Fedora Core +2 more

Timeline

PublishedJan 27

Latest updateMay 3

Description

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶Debiansquid/squid< 2.5.7+3

▶NVDsquid/squid16 versions+15

▶NVDopenpkg/openpkg2.1, 2.2, current+2

▶NVDredhat/fedora_corecore_2.0

▶NVDtrustix/secure_linux1.5, 2.0, 2.1+2

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jx7g-w69f-vmq6: The asn_parse_header function (asn1↗2022-05-03

▶

OSV

CVE-2004-0918: The asn_parse_header function (asn1↗2005-01-27

▶

CVEList

CVE-2004-0918: The asn_parse_header function (asn1↗2004-10-21

▶

📋Vendor Advisories

Ubuntu

squid vulnerabilities↗2004-11-07

▶

Red Hat

Squid SNMP DoS↗2004-10-11

▶

Debian

CVE-2004-0918: squid - The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Ca...↗2004

▶

💬Community

Bugzilla

CVE-2004-0918 Squid SNMP DoS↗2008-06-27

▶

Bugzilla

Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345↗2004-10-11

▶