cbcvebase.
CVE-2004-0918
published 2005-01-27

CVE-2004-0918: The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service…

PriorityP422medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
16.03%
96.5th percentile
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Affected

29 ranges· showing 25
VendorProductVersion rangeFixed in
debiansquid< squid 2.5.7 (bookworm)squid 2.5.7 (bookworm)
openpkgopenpkg
openpkgopenpkg
openpkgopenpkg
redhatfedora_core
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid>= 0 < 2.5.72.5.7
squidsquid>= 0 < 2.5.72.5.7
squidsquid>= 0 < 2.5.72.5.7
squidsquid>= 0 < 2.5.72.5.7

Detection & IOCsextracted from sources · hover to see the quote

pathasn1.c
port161/udp (SNMP)
  • Look for SNMP packets with negative length fields in ASN.1 headers directed at Squid proxy instances; these trigger a memory allocation error and server restart.
  • The vulnerable function is asn_parse_header in asn1.c within Squid's SNMP module; monitor for unexpected Squid process restarts correlated with inbound SNMP traffic.
  • Insufficient validation of ASN.1 headers in SNMP packets is the root cause; inspect SNMP traffic for malformed ASN.1 length fields (negative/oversized values).
  • This flaw was fixed in Squid 2.x but was never added to the Squid 3.x branch until later; ensure Squid 3.x deployments are also patched.
  • ·Squid versions before 2.4.STABLE7 are vulnerable; upgrade to at least 2.4.STABLE7 (or 2.5.7 per Debian) to remediate.
  • ·The fix was missing from the Squid 3.x branch (specifically Fedora 9 shipped squid-3.0.STABLE7 without the patch); verify 3.x deployments are patched.

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.