CVE-2010-3072

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

squid-cache.org Squid

First reported 14 years ago

2010-09-20 21:00:00

Last updated 14 years ago

2011-01-14 06:46:00

Affected Software

squid-cache.org Squid 3.0

3.0

squid-cache.org Squid 3.0.stable1

3.0.stable1

squid-cache.org Squid 3.0.stable2

3.0.stable2

squid-cache.org Squid 3.0.stable3

3.0.stable3

squid-cache.org Squid 3.0.stable4

3.0.stable4

squid-cache.org Squid 3.0.stable5

3.0.stable5

squid-cache.org Squid 3.0.stable6

3.0.stable6

squid-cache.org Squid 3.0.stable7

3.0.stable7

squid-cache.org Squid 3.0.stable8

3.0.stable8

squid-cache.org Squid 3.0.stable9

3.0.stable9

squid-cache.org Squid 3.0.stable10

3.0.stable10

squid-cache.org Squid 3.0.stable11

3.0.stable11

squid-cache.org Squid 3.0.stable11 release candidate 1

3.0.stable11

squid-cache.org Squid 3.0.stable12

3.0.stable12

squid-cache.org Squid 3.0.stable13

3.0.stable13

squid-cache.org Squid 3.0.stable14

3.0.stable14

squid-cache.org Squid 3.0.stable15

3.0.stable15

squid-cache.org Squid 3.0.stable16

3.0.stable16

squid-cache.org Squid 3.0.stable16 release candidate 1

3.0.stable16

squid-cache.org Squid 3.0.stable17

3.0.stable17

squid-cache.org Squid 3.0.stable18

3.0.stable18

squid-cache.org Squid 3.0.stable19

3.0.stable19

squid-cache.org Squid 3.0.stable20

3.0.stable20

squid-cache.org Squid 3.0.stable21

3.0.stable21

squid-cache.org Squid 3.0.stable22

3.0.stable22

squid-cache.org Squid 3.0.stable23

3.0.stable23

squid-cache.org Squid 3.0.stable24

3.0.stable24

squid-cache.org Squid 3.0.stable25

3.0.stable25

squid-cache.org Squid 3.1

3.1

squid-cache.org Squid 3.1.0.1

3.1.0.1

squid-cache.org Squid 3.1.0.2

3.1.0.2

squid-cache.org Squid 3.1.0.3

3.1.0.3

squid-cache.org Squid 3.1.0.4

3.1.0.4

squid-cache.org Squid 3.1.0.5

3.1.0.5

squid-cache.org Squid 3.1.0.6

3.1.0.6

squid-cache.org Squid 3.1.0.7

3.1.0.7

squid-cache.org Squid 3.1.0.8

3.1.0.8

squid-cache.org Squid 3.1.0.9

3.1.0.9

squid-cache.org Squid 3.1.0.10

3.1.0.10

squid-cache.org Squid 3.1.0.11

3.1.0.11

squid-cache.org Squid 3.1.0.12

3.1.0.12

squid-cache.org Squid 3.1.0.13

3.1.0.13

squid-cache.org Squid 3.1.0.14

3.1.0.14

squid-cache.org Squid 3.1.0.15

3.1.0.15

squid-cache.org Squid 3.1.0.16

3.1.0.16

squid-cache.org Squid 3.1.0.17

3.1.0.17

squid-cache.org Squid 3.1.0.18

3.1.0.18

squid-cache.org Squid 3.1.1

3.1.1

squid-cache.org Squid 3.1.2

3.1.2

squid-cache.org Squid 3.1.3

3.1.3

squid-cache.org Squid 3.1.4

3.1.4

squid-cache.org Squid 3.1.5

3.1.5

squid-cache.org Squid 3.1.5.1

3.1.5.1

squid-cache.org Squid 3.1.6

3.1.6

squid-cache.org Squid 3.1.7

3.1.7

References

FEDORA-2010-14222

FEDORA-2010-14236

SUSE-SR:2010:019

41298

Vendor Advisory

41477

Vendor Advisory

41534

DSA-2111

[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)

Patch

[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)

Patch

42982

http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

Vendor Advisory

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch

Patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch

Patch

ADV-2010-2433

https://bugzilla.redhat.com/show_bug.cgi?id=630444

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.