CVE-2009-2621
Published 2009-07-28
Priority P4 · 34 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 23.05% (97.5th percentile)
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian · 5.0 LOW
vendor_redhat · 5.0 MEDIUM
Red Hat
squid: multiple vulnerabilities fixed in squid 3.0.STABLE17
vendor_redhat · 2009-07-27 · CVSS 5.0
CVE-2009-2621 [MEDIUM] squid: multiple vulnerabilities fixed in squid 3.0.STABLE17
Statement: Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2009-2621: squid - Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforc...
vendor_debian · 2009 · CVSS 5.0
CVE-2009-2621 [MEDIUM] CVE-2009-2621: squid - Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforc...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-g3mg-m63j-55xf: Squid 3
ghsa_unreviewed · 2022-05-02
CVE-2009-2621 [MEDIUM] CWE-119 GHSA-g3mg-m63j-55xf: Squid 3
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/36007
http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
http://www.securityfocus.com/bid/35812
http://www.securitytracker.com/id?1022607
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch
http://www.vupen.com/english/advisories/2009/2013