CVE-2004-2654

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2654
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squid / squid	2.5_stable5	2.5_stable5.x

http://secunia.com/advisories/12508
http://secunia.com/advisories/12754
http://securitytracker.com/id?1011214
http://www.attrition.org/pipermail/vim/2006-February/000570.html
http://www.osvdb.org/9801
http://www.securitylab.ru/47881.html
http://www.squid-cache.org/bugs/show_bug.cgi?id=972

Vulnerability Database

289,599

CVE-2004-2654