CVE-2009-2855
EPSS 60.7%squid squid3 - denial of service
Published: 8/18/2009Modified: 4/28/2026
Description
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Affected packages (3)
- Debian/squidfrom 0, < 2.7.STABLE7-1
- Debian/squidfrom 0, < 2.6.5-6etch5
- Debian/squid3from 0, < 3.0.PRE5-5+etch2