Squid-Cache: >> Squid >> 2.5 Security Vulnerabilities
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
CVSS Score
5.0
EPSS Score
0.494
Published
2010-02-15
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
CVSS Score
4.0
EPSS Score
0.146
Published
2010-02-03
Page 5