Vulnerability in N/a
CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
EPSS: 0.607 (98.3rd percentile)
Affected products
- N/a — versions n/a
References
- [oss-security] 20090803 Re: squid DoS in external auth header parser (mailing-list, x_refsource_MLIST)
- 36091 (vdb-entry, x_refsource_BID)
- bugs.debian.org/cgi-bin/bugreport.cgi (x_refsource_CONFIRM)
- [oss-security] 20090804 Re: squid DoS in external auth header parser (mailing-list, x_refsource_MLIST)
- www.squid-cache.org/bugs/show_bug.cgi (x_refsource_MISC)
- www.squid-cache.org/bugs/show_bug.cgi (x_refsource_CONFIRM)
- 1022757 (vdb-entry, x_refsource_SECTRACK)
- oval:org.mitre.oval:def:10592 (x_refsource_OVAL, signature, vdb-entry)
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- [oss-security] 20090720 squid DoS in external auth header parser (mailing-list, x_refsource_MLIST)