CVE-2010-3072
published 2010-09-20

Priority: P3 (38, medium)
CVSS 2.0: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 64.24% (99.1th percentile)
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Affected

54 ranges · showing 25

Vendor       Product   Version range   Fixed in
debian       squid     (not captured)  (not captured)
squid-cache  squid     (24 ranges listed; version range and fixed-in values were not captured in this extract)

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a crafted HTTP request sent to the Squid proxy that causes a NULL pointer dereference in the string-comparison functions within String.cci. Monitor the Squid daemon for unexpected crashes (NULL pointer dereference) originating from remote client requests.
  • The vulnerable code path resides in String.cci (string-comparison functions). Focus code-level or patch-diff analysis on this file in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2.
  • Only Squid 3.x (before 3.1.8) and 3.2.x (before 3.2.0.2) are affected. Squid as shipped with Red Hat Enterprise Linux 3, 4, and 5 is NOT affected; detection efforts should focus on RHEL 6 and Fedora deployments running vulnerable versions.
  • The attacker must be a 'remote, trusted client', implying the exploit vector may be limited to clients that Squid considers trusted (e.g., within allowed ACLs). Detection rules should account for this trust boundary.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v2.0     5.0    MEDIUM    AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian           5.0    LOW
vendor_redhat           5.0    MEDIUM