CVE-2009-2621

Priority
Low
Description
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly
enforce "buffer limits and related bound checks," which allows remote
attackers to cause a denial of service via (1) an incomplete request or (2)
a request with a large header size, related to (a) HttpMsg.cc and (b)
client_side.cc.
References
Package
Upstream:released (3.0.STABLE16-2.1)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:19:59 UTC (commit 5347)