CVE-2013-1839 — Improper Input Validation in Squid

Severity: 7.8 HIGH (NVD)
EPSS: 41.9% (top 2.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 30
Latest update: May 17

Description

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (1 package)

NVD: squid-cache/squid, 32 versions (+31)

🔴 Vulnerability Details (2)

GHSA: GHSA-whxc-8p42-x72j: The strHdrAcptLangGetItem function in errorpage (2022-05-17)
CVEList: CVE-2013-1839: The strHdrAcptLangGetItem function in errorpage (2013-09-30)

📋 Vendor Advisories (1)

Red Hat: Squid: strHdrAcptLangGetItem() infinite CPU loop (2013-03-05)

💬 Community (2)

Bugzilla: CVE-2013-1839 Squid: strHdrAcptLangGetItem() infinite CPU loop [fedora-all] (2013-03-19)
Bugzilla: CVE-2013-1839 Squid: strHdrAcptLangGetItem() infinite CPU loop (2013-03-12)