CVE-2007-6239

Published: Dec 4, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

Affected (38)

Products: Squid: Squid Web Proxy Cache

Squid

1 product

Squid Web Proxy Cache

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Squid Squid Web Proxy Cache	Version 2.0_patch2
Squid Squid Web Proxy Cache	Version 2.1_patch2
Squid Squid Web Proxy Cache	Version 2.3.stable4
Squid Squid Web Proxy Cache	Version 2.3.stable5
Squid Squid Web Proxy Cache	Version 2.4_stable2
Squid Squid Web Proxy Cache	Version 2.4_stable4
Squid Squid Web Proxy Cache	Version 2.4_stable6
Squid Squid Web Proxy Cache	Version 2.4_stable7
Squid Squid Web Proxy Cache	Version 2.5.stable11
Squid Squid Web Proxy Cache	Version 2.5.stable12
Squid Squid Web Proxy Cache	Version 2.5.stable13
Squid Squid Web Proxy Cache	Version 2.5.stable14
Squid Squid Web Proxy Cache	Version 2.5_.stable9
Squid Squid Web Proxy Cache	Version 2.5_stable10
Squid Squid Web Proxy Cache	Version 2.5_stable1
Squid Squid Web Proxy Cache	Version 2.5_stable3
Squid Squid Web Proxy Cache	Version 2.5_stable4
Squid Squid Web Proxy Cache	Version 2.5_stable5
Squid Squid Web Proxy Cache	Version 2.5_stable6
Squid Squid Web Proxy Cache	Version 2.5_stable7
Squid Squid Web Proxy Cache	Version 2.5_stable8
Squid Squid Web Proxy Cache	Version 2.6.stable12
Squid Squid Web Proxy Cache	Version 2.6.stable13
Squid Squid Web Proxy Cache	Version 2.6.stable14
Squid Squid Web Proxy Cache	Version 2.6.stable15
Squid Squid Web Proxy Cache	Version 2.6.stable16
Squid Squid Web Proxy Cache	Version 2.6.stable1
Squid Squid Web Proxy Cache	Version 2.6.stable2
Squid Squid Web Proxy Cache	Version 2.6.stable3
Squid Squid Web Proxy Cache	Version 2.6.stable4
Squid Squid Web Proxy Cache	Version 2.6.stable5
Squid Squid Web Proxy Cache	Version 2.6.stable6
Squid Squid Web Proxy Cache	Version 2.6.stable7
Squid Squid Web Proxy Cache	Version 2.6
Squid Squid Web Proxy Cache	Version 3.0
Squid Squid Web Proxy Cache	Version 3.0_pre1
Squid Squid Web Proxy Cache	Version 3.0_pre2
Squid Squid Web Proxy Cache	Version 3.0_pre3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (54)

http://bugs.gentoo.org/show_bug.cgi?id=201209

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html

Source: secalert@redhat.com

http://secunia.com/advisories/27910

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/28091

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28109

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28350

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28381

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28403

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28412

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28814

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/34467

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200801-05.xml

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200903-38.xml

Source: secalert@redhat.com

http://www.debian.org/security/2008/dsa-1482

Source: secalert@redhat.com

Patch

http://www.kb.cert.org/vuls/id/232881

Source: secalert@redhat.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2008:002

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-1130.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/26687

Source: secalert@redhat.com

Patch

http://www.securitytracker.com/id?1019036

Source: secalert@redhat.com

http://www.squid-cache.org/Advisories/SQUID-2007_2.txt

Source: secalert@redhat.com

PatchVendor Advisory

http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch

Source: secalert@redhat.com

ExploitVendor Advisory

http://www.ubuntu.com/usn/usn-565-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/4066

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=410181

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=201209