CVE-2005-2796

8 documents8 sources

Severity

5.0MEDIUM

EPSS

15.1%

top 5.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid

Timeline

PublishedSep 7

Latest updateMay 1

Description

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid< 2.5.10-5+3

▶NVDsquid/squid61 versions+60

Patches

Patch: securitytracker.com ↗Patch: www.squid-cache.org ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-q53j-wvv4-p6jq: The sslConnectTimeout function in ssl↗2022-05-01

▶

CVEList

CVE-2005-2796: The sslConnectTimeout function in ssl↗2005-09-07

▶

OSV

CVE-2005-2796: The sslConnectTimeout function in ssl↗2005-09-07

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2005-09-13

▶

Red Hat

security flaw↗2005-09-01

▶

Debian

CVE-2005-2796: squid - The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allow...↗2005

▶

💬Community

Bugzilla

CVE-2005-2796 security flaw↗2018-08-16

▶