CVE-2014-3609 — Improper Input Validation in Squid

CWE-20 — Improper Input Validation CWE-228 — Improper Handling of Syntactically Invalid Structure CWE-617 — Reachable Assertion9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

82.8%

top 0.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid-cache Squid

Timeline

PublishedSep 11

Latest updateMay 17

Description

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid/squid< 2.7.STABLE9-5+3

▶NVDsquid-cache/squid88 versions+87

🔴Vulnerability Details

GHSA

GHSA-wfpr-78ph-w6wr: HttpHdrRange↗2022-05-17

▶

OSV

CVE-2014-3609: HttpHdrRange↗2014-09-11

▶

CVEList

CVE-2014-3609: HttpHdrRange↗2014-09-11

▶

📋Vendor Advisories

Ubuntu

Squid 3 vulnerability↗2014-08-28

▶

Red Hat

squid: assertion failure in Range header processing (SQUID-2014:2)↗2014-08-28

▶

Debian

CVE-2014-3609: squid - HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote ...↗2014

▶

💬Community

Bugzilla

CVE-2014-3609 squid: assertion failure in Range header processing [fedora-all]↗2014-08-28

▶

Bugzilla

CVE-2014-3609 squid: assertion failure in Range header processing (SQUID-2014:2)↗2014-08-27

▶