CVE-2014-3609

EPSS 82.8%

squid - security update

Published: 9/11/2014Modified: 4/28/2026

Description

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

Affected packages (5)

Debian/squidfrom 0, < 2.7.STABLE9-5
Debian/squidfrom 0, < 2.7.STABLE9-2.1+deb6u1
Debian/squidfrom 0, < 2.7.STABLE9-4.1+deb7u1
Debian/squid3from 0, < 3.1.6-1.2+squeeze4
Debian/squid3from 0, < 3.1.20-2.2+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3609