Out-of-Bounds Affecting squid package, versions <2.7.STABLE9-2


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
5.47% (94th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN13-SQUID-5696167
  • published8 Feb 2013
  • disclosed8 Feb 2013

Introduced: 8 Feb 2013

CVE-2013-0189  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Debian:13 squid to version 2.7.STABLE9-2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream squid package and not the squid package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

CVSS Scores

version 3.1