Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-2621

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Related bugs and status

CVE-2009-2621 (Candidate) is related to these bugs:

Bug #411019: Sync squid3 3.0.STABLE18-1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	411019	Sync squid3 3.0.STABLE18-1 (universe) from Debian unstable (main).		squid3 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
VUPEN: ADV-2009-2013
SECUNIA: 36007
MANDRIVA: MDVSA-2009:178
MANDRIVA: MDVSA-2009:161
BID: 35812
SECTRACK: 1022607