Description
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Remediation
References
Related Vulnerabilities
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.9)
SharePoint CVE-2021-28450 Vulnerability (CVE-2021-28450)
MySQL CVE-2014-6469 Vulnerability (CVE-2014-6469)
Joomla Incorrect Authorization Vulnerability (CVE-2010-1435)
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-28491)