// For flags

CVE-2008-1612

squid: regression in SQUID-2007:2 / CVE-2007-6239

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

La función arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegación de servicio (terminación del proceso) a través de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmación. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-04-01 CVE Reserved
  • 2008-04-01 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (21)
URL Tag Source
http://marc.info/?l=squid-announce&m=120614453813157&w=2 Mailing List
http://secunia.com/advisories/27477 Third Party Advisory
http://secunia.com/advisories/29813 Third Party Advisory
http://secunia.com/advisories/30032 Third Party Advisory
http://secunia.com/advisories/32109 Third Party Advisory
http://secunia.com/advisories/34467 Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/04/01/5 Mailing List
http://www.securityfocus.com/bid/28693 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41586 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376 Signature
URL Date SRC
http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch 2024-08-07
URL Date SRC
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html 2023-11-07
http://security.gentoo.org/glsa/glsa-200903-38.xml 2023-11-07
http://www.debian.org/security/2008/dsa-1646 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:134 2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0214.html 2023-11-07
http://www.ubuntu.com/usn/usn-601-1 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2008-1612 2008-04-08
https://bugzilla.redhat.com/show_bug.cgi?id=439801 2008-04-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squid
Search vendor "Squid"
 Squid
Search vendor "Squid" for product "Squid"
 2.6.stable17
Search vendor "Squid" for product "Squid" and version "2.6.stable17"
-
Affected