Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Remediation

References

CVE-2009-2621

Related Vulnerabilities

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Privilege Escalation (2.3.3)

MediaWiki Improper Authentication Vulnerability (CVE-2013-4304)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2212)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-9067)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-0956)

Severity

Medium

Classification

CVE-2009-2621 CWE-119

Tags

Missing Update Known Vulnerabilities