CVE-2009-2855
EPSS 60.7%squid squid3 - denial of service
發布日:2009/8/18修改日:2026/4/28
描述
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
受影響套件(3)
- Debian/squidfrom 0, < 2.7.STABLE7-1
- Debian/squidfrom 0, < 2.6.5-6etch5
- Debian/squid3from 0, < 3.0.PRE5-5+etch2