CVE-2010-0308: Improper Input Validation in Squid

Severity: 4.0 MEDIUM (NVD)
EPSS: 11.0% (top 6.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 3
Latest update: May 2

Description

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: squid/squid < 2.7.STABLE8-1+3
NVD: squid-cache/squid 46 versions +45

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-wg6g-7g6h-p73r: lib/rfc1035 (2022-05-02)
OSV: CVE-2010-0308: lib/rfc1035 (2010-02-03)
CVEList: CVE-2010-0308: lib/rfc1035 (2010-02-03)

💥 Exploits & PoCs (1)

Exploit-DB: URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit) (2010-09-25)

📋 Vendor Advisories (3)

Ubuntu: Squid vulnerabilities (2010-02-16)
Debian: CVE-2010-0308: squid - lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 a... (2010)
Red Hat: squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1) (2009-12-27)

💬 Community (2)

Bugzilla: CVE-2010-0308 squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1) [Fedora all] (2010-02-04)
Bugzilla: CVE-2010-0308 squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1) (2010-01-18)