CVE-2009-2622 — Improper Input Validation in Squid

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

26.2%

top 3.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid

Timeline

PublishedJul 28

Latest updateMay 2

Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsquid-cache/squid6 versions+5

Patches

Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-ww59-3r9r-8fph: Squid 3↗2022-05-02

▶

CVEList

CVE-2009-2622: Squid 3↗2009-07-28

▶

📋Vendor Advisories

Red Hat

squid: multiple vulnerabilities fixed in squid 3.0.STABLE17↗2009-07-27

▶

Debian

CVE-2009-2622: squid - Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers ...↗2009

▶

💬Community

Bugzilla

CVE-2009-2621, CVE-2009-2622 squid: multiple vulnerabilities fixed in squid 3.0.STABLE17↗2009-07-27

▶