Published: 07/09/2005 Updated: 11/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and previous versions allows remote malicious users to cause a denial of service (segmentation fault) via certain crafted requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid squid 2.0_patch2
squid squid 2.1.patch1
squid squid 2.2.devel3
squid squid 2.2.devel4
squid squid 2.3.devel2
squid squid 2.3.devel3
squid squid 2.3_.stable5
squid squid 2.3_stable5
squid squid 2.4.stable7
squid squid 2.4_.stable2
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5_.stable3
squid squid 2.5_.stable4
squid squid 2.1.patch2
squid squid 2.1.pre1
squid squid 2.2.pre1
squid squid 2.2.pre2
squid squid 2.3.stable1
squid squid 2.3.stable2
squid squid 2.4
squid squid 2.4.stable1
squid squid 2.4_.stable6
squid squid 2.4_.stable7
squid squid 2.5.stable5
squid squid 2.5.stable6
squid squid 2.5_.stable5
squid squid 2.5_.stable6
squid squid 2.0.pre1
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.1_patch2
squid squid 2.2.stable4
squid squid 2.2.stable5
squid squid 2.3.stable5
squid squid 2.3_.stable4
squid squid 2.4.stable4
squid squid 2.4.stable6
squid squid 2.5.stable10
squid squid 2.5.stable2
squid squid 2.5.stable9
squid squid 2.5_.stable1
squid squid 2.5_stable9
squid squid 2.0.patch1
squid squid 2.0.patch2
squid squid 2.1.pre3
squid squid 2.1.pre4
squid squid 2.2.stable1
squid squid 2.2.stable2
squid squid 2.2.stable3
squid squid 2.3.stable3
squid squid 2.3.stable4
squid squid 2.4.stable2
squid squid 2.4.stable3
squid squid 2.4_stable7
squid squid 2.5.6
squid squid 2.5.stable1
squid squid 2.5.stable7
squid squid 2.5.stable8
squid squid 2.5_stable3
squid squid 2.5_stable4

Synopsis squid security update Type/Severity Security Advisory: Important Topic An updated Squid package that fixes security issues is now availableThis update has been rated as having important security impact by the RedHat Security Response Team Description Squid is a full-featured Web ...

A Denial of Service vulnerability was discovered in the handling of aborted requests A remote attacker could exploit this to crash Squid by sending specially crafted requests (CAN-2005-2794) ...

Certain aborted requests that trigger an assertion in squid, the popular WWW proxy cache, may allow remote attackers to cause a denial of service This update also fixes a regression caused by DSA 751 For completeness below is the original advisory text: Several vulnerabilities have been discovered in Squid, the popular WWW proxy cache The Com ...

NVD-CWE-Other http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout http://securitytracker.com/id?1014846 http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml http://www.debian.org/security/2005/dsa-809 http://www.mandriva.com/security/advisories?name=MDKSA-2005:162 http://www.redhat.com/support/errata/RHSA-2005-766.html http://www.novell.com/linux/security/advisories/2005_53_squid.html http://www.securityfocus.com/bid/14731 http://fedoranews.org/updates/FEDORA--.shtml http://www.novell.com/linux/security/advisories/2005_21_sr.html http://secunia.com/advisories/16977 http://secunia.com/advisories/17027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522 https://access.redhat.com/errata/RHSA-2005:766 https://usn.ubuntu.com/183-1/https://nvd.nist.gov

CVE-2005-2796

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect