The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
| Software | From | Fixed in |
|---|---|---|
| squid / squid | 2.5_stable9 | 2.5_stable9.x |
| squid / squid | 2.5_.stable3 | 2.5_.stable3.x |
| squid / squid | 2.1_patch2 | 2.1_patch2.x |
| squid / squid | 2.4_.stable7 | 2.4_.stable7.x |
| squid / squid | 2.5.stable5 | 2.5.stable5.x |
| squid / squid | 2.0_patch2 | 2.0_patch2.x |
| squid / squid | 2.5_stable3 | 2.5_stable3.x |
| squid / squid | 2.4_.stable2 | 2.4_.stable2.x |
| squid / squid | 2.3_.stable4 | 2.3_.stable4.x |
| squid / squid | 2.5.stable3 | 2.5.stable3.x |
| squid / squid | 2.3_.stable5 | 2.3_.stable5.x |
| squid / squid | 2.5.6 | 2.5.6.x |
| squid / squid | 2.5.stable1 | 2.5.stable1.x |
| squid / squid | 2.5_.stable5 | 2.5_.stable5.x |
| squid / squid | 2.4_stable7 | 2.4_stable7.x |
| squid / squid | 2.5.stable6 | 2.5.stable6.x |
| squid / squid | 2.5_.stable6 | 2.5_.stable6.x |
| squid / squid | 2.5.stable4 | 2.5.stable4.x |
| squid / squid | 2.5.stable2 | 2.5.stable2.x |
| squid / squid | 2.4_.stable6 | 2.4_.stable6.x |
| squid / squid | 2.5_.stable1 | 2.5_.stable1.x |
| squid / squid | 2.3_stable5 | 2.3_stable5.x |
| squid / squid | 2.4 | 2.4.x |
| squid / squid | 2.5_.stable4 | 2.5_.stable4.x |
| squid / squid | 2.5_stable4 | 2.5_stable4.x |
| squid / squid | 2.6.stable1 | 2.6.stable1.x |
| squid / squid | 2.5.stable7 | 2.5.stable7.x |