CVE-2009-2621 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

23.6%

top 4.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid

Timeline

PublishedJul 28

Latest updateMay 2

Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsquid-cache/squid6 versions+5

Patches

Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-g3mg-m63j-55xf: Squid 3↗2022-05-02

▶

CVEList

CVE-2009-2621: Squid 3↗2009-07-28

▶

📋Vendor Advisories

Red Hat

squid: multiple vulnerabilities fixed in squid 3.0.STABLE17↗2009-07-27

▶

Debian

CVE-2009-2621: squid - Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforc...↗2009

▶

💬Community

Bugzilla

CVE-2009-2621, CVE-2009-2622 squid: multiple vulnerabilities fixed in squid 3.0.STABLE17↗2009-07-27

▶