Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability

Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to consume excessive memory, resulting in a denial-of-service condition.

Note that to exploit this issue, an attacker must be a legitimate client user of the proxy.

The Squid 3.x branch is vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus