Vulnerability in Squid-cache Squid
CVE-2010-3072
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
EPSS: 0.725 (98.8th percentile)
Affected products
- Squid-cache Squid — versions 3.0.stable4, 3.0.stable8, 3.1.0.5
References
- FEDORA-2010-14236 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) (mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- FEDORA-2010-14222 (x_refsource_FEDORA, vendor-advisory)
- 41298 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- ADV-2010-2433 (vdb-entry, x_refsource_VUPEN)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 41477 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- DSA-2111 (vendor-advisory, x_refsource_DEBIAN)