QwikSec

Security Database

CVE

CWE

Training

CVE-2004-2654

Published: Feb 24, 2006

Modified: Aug 8, 2024

PUBLISHED

Description

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.squid-cache.org/bugs/show_bug.cgi?id=972

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_OSVDB

20060223 old Squid clientAbortBody issue - NOT an overflow?

mailing-list

x_refsource_VIM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://www.securitylab.ru/47881.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.