CVE-2010-0639
Published 2010-02-15
CVE-2010-0639: The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote…
Priority: P3 · 34 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
30.56%
98.0th percentile
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.7.STABLE8-1 (bookworm) | squid 2.7.STABLE8-1 (bookworm) |
| squid-cache | squid | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 MEDIUM
vendor_debian · 5.0 MEDIUM
vendor_redhat · 5.0 MEDIUM
VulDB
Squid Proxy up to 2.5 htcp.c htcpHandleTstRequest null pointer dereference (Nessus ID 75745 / ID 195052)
vuldb·2026-04-30·CVSS 5.0
CVE-2010-0639 [MEDIUM] Squid Proxy up to 2.5 htcp.c htcpHandleTstRequest null pointer dereference (Nessus ID 75745 / ID 195052)
A vulnerability, which was classified as problematic, was found in Squid Proxy up to 2.5. This issue affects the function htcpHandleTstRequest of the file htcp.c. The manipulation results in null pointer dereference.
This vulnerability was named CVE-2010-0639. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-cg3x-2572-rpvr: The htcpHandleTstRequest function in htcp
ghsa_unreviewed·2022-05-02
CVE-2010-0639 [MEDIUM] GHSA-cg3x-2572-rpvr: The htcpHandleTstRequest function in htcp
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
OSV
CVE-2010-0639: The htcpHandleTstRequest function in htcp
osv·2010-02-15·CVSS 5.0
CVE-2010-0639 [MEDIUM] CVE-2010-0639: The htcpHandleTstRequest function in htcp
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Ubuntu
Squid vulnerability
vendor_ubuntu·2010-02-24
CVE-2010-0639 Squid vulnerability
Title: Squid vulnerability
Summary: Squid vulnerability
It was discovered that Squid incorrectly handled certain malformed packets
received on the HTCP port. A remote attacker could exploit this with a
specially-crafted packet and cause Squid to crash, resulting in a denial of
service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
squid: HTCP packet temporary DoS (SQUID-2010:2)
vendor_redhat·2010-02-12·CVSS 5.0
CVE-2010-0639 [MEDIUM] squid: HTCP packet temporary DoS (SQUID-2010:2)
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Statement: Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.
Debian
CVE-2010-0639: squid - The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and...
vendor_debian·2010·CVSS 5.0
CVE-2010-0639 [MEDIUM] CVE-2010-0639: squid - The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and...
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Scope: local
bookworm: resolved (fixed in 2.7.STABLE8-1)
bullseye: resolved (fixed in 2.7.STABLE8-1)
forky: resolved (fixed in 2.7.STABLE8-1)
sid: resolved (fixed in 2.7.STABLE8-1)
trixie: resolved (fixed in 2.7.STABLE8-1)
No detection rules found.
No public exploits indexed.
References
http://bugs.squid-cache.org/show_bug.cgi?id=2858
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
http://osvdb.org/62297
http://secunia.com/advisories/38812
http://www.securityfocus.com/bid/38212
http://www.securitytracker.com/id?1023587
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
http://www.vupen.com/english/advisories/2010/0371
http://www.vupen.com/english/advisories/2010/0603
Published: 2010-02-15