CVE-2007-6239
published 2007-12-04CVE-2007-6239: The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash)…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
26.86%
97.8th percentile
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.6.17-1 (bookworm) | squid 2.6.17-1 (bookworm) |
| debian | squid | < squid 2.6.18-1 (bookworm) | squid 2.6.18-1 (bookworm) |
| squid | squid | — | — |
| squid | squid | >= 0 < 2.6.17-1 | 2.6.17-1 |
| squid | squid | >= 0 < 2.6.18-1 | 2.6.18-1 |
| squid | squid | >= 0 < 2.6.17-1 | 2.6.17-1 |
| squid | squid | >= 0 < 2.6.18-1 | 2.6.18-1 |
| squid | squid | >= 0 < 2.6.17-1 | 2.6.17-1 |
| squid | squid | >= 0 < 2.6.18-1 | 2.6.18-1 |
| squid | squid | >= 0 < 2.6.17-1 | 2.6.17-1 |
| squid | squid | >= 0 < 2.6.18-1 | 2.6.18-1 |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
| squid | squid_web_proxy_cache | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qcwf-4hxx-vx9v: The arrayShrink function (lib/Array
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2008-1612 [MEDIUM] CWE-20 GHSA-qcwf-4hxx-vx9v: The arrayShrink function (lib/Array
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
GHSA
GHSA-6pw6-cgf2-h2v8: The "cache update reply processing" functionality in Squid 2
ghsa_unreviewed·2022-05-01
CVE-2007-6239 [MEDIUM] CWE-20 GHSA-6pw6-cgf2-h2v8: The "cache update reply processing" functionality in Squid 2
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
OSV
CVE-2008-1612: The arrayShrink function (lib/Array
osv·2008-04-01·CVSS 5.0
CVE-2008-1612 [MEDIUM] CVE-2008-1612: The arrayShrink function (lib/Array
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
OSV
CVE-2007-6239: The "cache update reply processing" functionality in Squid 2
osv·2007-12-04·CVSS 5.0
CVE-2007-6239 [MEDIUM] CVE-2007-6239: The "cache update reply processing" functionality in Squid 2
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Ubuntu
Squid vulnerability
vendor_ubuntu·2008-04-14·CVSS 5.0
CVE-2008-1612 [MEDIUM] Squid vulnerability
Title: Squid vulnerability
Summary: Squid vulnerability
It was discovered that Squid did not perform proper bounds checking when
processing cache update replies. A remote authenticated user may be able
to trigger an assertion error and cause a denial of service. This
vulnerability is due to an incorrect upstream fix for CVE-2007-6239.
(CVE-2008-1612)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
squid: regression in SQUID-2007:2 / CVE-2007-6239
vendor_redhat·2008-03-22·CVSS 5.0
CVE-2008-1612 [MEDIUM] squid: regression in SQUID-2007:2 / CVE-2007-6239
squid: regression in SQUID-2007:2 / CVE-2007-6239
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Ubuntu
Squid vulnerability
vendor_ubuntu·2008-01-09
CVE-2007-6239 Squid vulnerability
Title: Squid vulnerability
Summary: Squid vulnerability
It was discovered that Squid did not always clean up cache memory
correctly. A remote attacker could manipulate cache update replies and
cause Squid to use all available memory, leading to a denial of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2008-1612: squid - The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to...
vendor_debian·2008·CVSS 5.0
CVE-2008-1612 [MEDIUM] CVE-2008-1612: squid - The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to...
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Scope: local
bookworm: resolved (fixed in 2.6.18-1)
bullseye: resolved (fixed in 2.6.18-1)
forky: resolved (fixed in 2.6.18-1)
sid: resolved (fixed in 2.6.18-1)
trixie: resolved (fixed in 2.6.18-1)
Red Hat
squid: DoS in cache updates
vendor_redhat·2007-12-04·CVSS 5.0
CVE-2007-6239 [MEDIUM] squid: DoS in cache updates
squid: DoS in cache updates
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Debian
CVE-2007-6239: squid - The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE...
vendor_debian·2007·CVSS 5.0
CVE-2007-6239 [MEDIUM] CVE-2007-6239: squid - The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE...
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Scope: local
bookworm: resolved (fixed in 2.6.17-1)
bullseye: resolved (fixed in 2.6.17-1)
forky: resolved (fixed in 2.6.17-1)
sid: resolved (fixed in 2.6.17-1)
trixie: resolved (fixed in 2.6.17-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-1612 squid: regression in SQUID-2007:2 / CVE-2007-6239
bugzilla·2008-03-31·CVSS 5.0
CVE-2008-1612 [MEDIUM] CVE-2008-1612 squid: regression in SQUID-2007:2 / CVE-2007-6239
CVE-2008-1612 squid: regression in SQUID-2007:2 / CVE-2007-6239
Squid security advisory SQUID-2007:2 was released on 2007-11-27 describing
potential denial of service (DoS) bug in squid proxy server:
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
The advisory was now updated to address problem introduced by the fix:
http://marc.info/?l=squid-announce&m=120614453813157&w=2
Following patch is need to allow shrinking squid Arrays to zero-sized arrays:
http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch
Discussion:
Issue was previously tracked using bug bug #410181.
---
This issue was introduced in the original fix for SQUID-2007_2. An attacker can
possibly cause squid child process to exit due to a failed assert. New child
process is spawned by the parent squid
Bugzilla
CVE-2007-6239 squid: DoS in cache updates
bugzilla·2007-12-04·CVSS 5.0
CVE-2007-6239 [MEDIUM] CVE-2007-6239 squid: DoS in cache updates
CVE-2007-6239 squid: DoS in cache updates
Squid security advisory SQUID-2007:2 was published recently:
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
Problem Description:
Due to incorrect bounds checking Squid is vulnerable to
a denial of service check during some cache update reply
processing.
Severity:
This problem allows any client trusted to use the service to
perform a denial of service attack on the Squid service.
Discussion:
Based on additional info from Adrian Chadd:
Due to the way internal squid's Arrays are handled, additional requests for the
cached object can cause additional memory to be used for that object. As with
each request only few extra bytes are wasted, attacker would have to create a
large amount of requests to exhaust all available memory and possib
http://bugs.gentoo.org/show_bug.cgi?id=201209http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://secunia.com/advisories/27910http://secunia.com/advisories/28091http://secunia.com/advisories/28109http://secunia.com/advisories/28350http://secunia.com/advisories/28381http://secunia.com/advisories/28403http://secunia.com/advisories/28412http://secunia.com/advisories/28814http://secunia.com/advisories/34467http://security.gentoo.org/glsa/glsa-200801-05.xmlhttp://security.gentoo.org/glsa/glsa-200903-38.xmlhttp://www.debian.org/security/2008/dsa-1482http://www.kb.cert.org/vuls/id/232881http://www.mandriva.com/security/advisories?name=MDVSA-2008:002http://www.redhat.com/support/errata/RHSA-2007-1130.htmlhttp://www.securityfocus.com/bid/26687http://www.securitytracker.com/id?1019036http://www.squid-cache.org/Advisories/SQUID-2007_2.txthttp://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patchhttp://www.ubuntu.com/usn/usn-565-1http://www.vupen.com/english/advisories/2007/4066https://bugzilla.redhat.com/show_bug.cgi?id=410181https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=201209http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://secunia.com/advisories/27910http://secunia.com/advisories/28091http://secunia.com/advisories/28109http://secunia.com/advisories/28350http://secunia.com/advisories/28381http://secunia.com/advisories/28403http://secunia.com/advisories/28412http://secunia.com/advisories/28814http://secunia.com/advisories/34467http://security.gentoo.org/glsa/glsa-200801-05.xmlhttp://security.gentoo.org/glsa/glsa-200903-38.xmlhttp://www.debian.org/security/2008/dsa-1482http://www.kb.cert.org/vuls/id/232881http://www.mandriva.com/security/advisories?name=MDVSA-2008:002http://www.redhat.com/support/errata/RHSA-2007-1130.htmlhttp://www.securityfocus.com/bid/26687http://www.securitytracker.com/id?1019036http://www.squid-cache.org/Advisories/SQUID-2007_2.txthttp://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patchhttp://www.ubuntu.com/usn/usn-565-1http://www.vupen.com/english/advisories/2007/4066https://bugzilla.redhat.com/show_bug.cgi?id=410181https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html
2007-12-04
Published