CVE-2005-0718
Published 2005-04-14
CVE-2005-0718: Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST…
Priority P4 · 24 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS 12.53% · 95.7th percentile
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
Affected
63 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.5.8 (bookworm) | squid 2.5.8 (bookworm) |
| squid | squid | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_redhat · 7.5 · HIGH
vendor_debian · 5.0 · MEDIUM
Red Hat
security flaw
vendor_redhat·2005-06-06·CVSS 7.5
CVE-2005-1937 [HIGH] security flaw
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Ubuntu
Squid vulnerability
vendor_ubuntu·2005-04-14
CVE-2005-0718 Squid vulnerability
Title: Squid vulnerability
Summary: Squid vulnerability
A remote Denial of Service vulnerability has been discovered in Squid.
If the remote end aborted the connection during a PUT or POST request,
Squid tried to free an already freed part of memory, which eventually
caused the server to crash.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-03-04·CVSS 5.0
CVE-2005-0718 [MEDIUM] security flaw
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
Debian
CVE-2005-0718: squid - Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of servi...
vendor_debian·2005·CVSS 5.0
CVE-2005-0718 [MEDIUM] CVE-2005-0718: squid - Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of servi...
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
Scope: local
bookworm: resolved (fixed in 2.5.8)
bullseye: resolved (fixed in 2.5.8)
forky: resolved (fixed in 2.5.8)
sid: resolved (fixed in 2.5.8)
trixie: resolved (fixed in 2.5.8)
GHSA
GHSA-9wrw-hg5g-h4gx: Squid 2
ghsa_unreviewed·2022-05-01
CVE-2005-0718 [MEDIUM] GHSA-9wrw-hg5g-h4gx: Squid 2
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
OSV
CVE-2005-0718: Squid 2
osv·2005-04-14·CVSS 5.0
CVE-2005-0718 [MEDIUM] CVE-2005-0718: Squid 2
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0718 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0718 [MEDIUM] CVE-2005-0718 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
Bugzilla
CVE-2005-1937 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-1937 [HIGH] CVE-2005-1937 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Bugzilla
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
bugzilla·2004-10-11·CVSS 7.5
CVE-2004-0541 [HIGH] Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345
Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-...
iDEFENSE reported on 2004-10-11 a vulnerability in the squid SNMP
module. This issue could lead to a potential DOS (it will restart
the server, dropping all open connections).
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135320
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135319
------- Additional Comments From [email protected] 2004-10-11 19:30:05 ----
Patch available here:
http://www1.uk.squid-cache.org/squid/Versions/v2/2
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/12508
http://www.redhat.com/support/errata/RHSA-2005-415.html
http://www.redhat.com/support/errata/RHSA-2005-489.html
http://www.securityfocus.com/bid/13166
http://www.squid-cache.org/bugs/show_bug.cgi?id=1224
http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
https://exchange.xforce.ibmcloud.com/vulnerabilities/19919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562
https://usn.ubuntu.com/111-1/
Published: 2005-04-14