CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 99%
Vendor | Product | Version
squid | squid | 2.7.stable1:stable1
squid | squid | 2.7.stable2:stable2
squid | squid | 2.7.stable3:stable3
squid | squid | 2.7.stable4:stable4
squid | squid | 2.7.stable5:stable5
squid | squid | 3.0.stable1:stable1
squid | squid | 3.0.stable2:stable2
squid | squid | 3.0.stable3:stable3
squid | squid | 3.0.stable4:stable4
squid | squid | 3.0.stable5:stable5
squid | squid | 3.0.stable6:stable6
squid | squid | 3.0.stable7:stable7
squid | squid | 3.0.stable8:stable8
squid | squid | 3.0.stable9:stable9
squid | squid | 3.0.stable10:stable10
squid | squid | 3.0.stable11:stable11
squid | squid | 3.0.stable12:stable12
squid | squid | 3.1
squid | squid | 3.1.0.1
squid | squid | 3.1.0.2
squid | squid | 3.1.0.3
squid | squid | 3.1.0.4
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
squid | bullseye | 4.13-10+deb11u3 | fixed
squid | bullseye (security) | 4.13-10+deb11u3 | fixed
squid | etch | | not-affected
squid | bookworm | 5.7-2+deb12u2 | fixed
squid | bookworm (security) | 5.7-2+deb12u2 | fixed
squid | sid | 6.12-1 | fixed
squid | trixie | 6.12-1 | fixed
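Ubuntu Releases
Ubuntu Product | Codename | Version | Status
squid | oneiric | | not-affected
squid | natty | | not-affected
squid | maverick | | not-affected
squid | lucid | | not-affected
squid | karmic | | not-affected
squid | jaunty | | not-affected
squid | intrepid | Fixed 2.7.STABLE3-1ubuntu2.1 | released
squid | hardy | | not-affected
squid | gutsy | | not-affected
squid | dapper | | not-affected
squid3 | oneiric | | not-affected
squid3 | natty | | not-affected
squid3 | maverick | | not-affected
squid3 | lucid | | not-affected
squid3 | karmic | | not-affected
squid3 | jaunty | | not-affected
squid3 | intrepid | | ignored
squid3 | hardy | | ignored
squid3 | gutsy | | ignored
squid3 | dapper | | dne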