CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
Severity: UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector: NETWORK
Atk. Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Vulnerable software versions

| Vendor | Product | Version |
|--------|---------|---------|
| squid | squid | 2.7.stable1 |
| squid | squid | 2.7.stable2 |
| squid | squid | 2.7.stable3 |
| squid | squid | 2.7.stable4 |
| squid | squid | 2.7.stable5 |
| squid | squid | 3.0.stable1 |
| squid | squid | 3.0.stable2 |
| squid | squid | 3.0.stable3 |
| squid | squid | 3.0.stable4 |
| squid | squid | 3.0.stable5 |
| squid | squid | 3.0.stable6 |
| squid | squid | 3.0.stable7 |
| squid | squid | 3.0.stable8 |
| squid | squid | 3.0.stable9 |
| squid | squid | 3.0.stable10 |
| squid | squid | 3.0.stable11 |
| squid | squid | 3.0.stable12 |
| squid | squid | 3.1 |
| squid | squid | 3.1.0.1 |
| squid | squid | 3.1.0.2 |
| squid | squid | 3.1.0.3 |
| squid | squid | 3.1.0.4 |
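Debian Releases

| Debian Product | Codename | Version | Status |
|----------------|----------|---------|--------|
| squid | bullseye (security) | 4.13-10+deb11u3 | fixed |
| squid | bullseye | 4.13-10+deb11u3 | fixed |
| squid | etch | | not-affected |
| squid | bookworm | 5.7-2+deb12u2 | fixed |
| squid | bookworm (security) | 5.7-2+deb12u2 | fixed |
| squid | sid | 6.10-1 | fixed |
| squid | trixie | 6.10-1 | fixed |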
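Ubuntu Releases

| Ubuntu Product | Codename | Status | Details |
|----------------|----------|--------|---------|
| squid | oneiric | not-affected | |
| squid | natty | not-affected | |
| squid | maverick | not-affected | |
| squid | lucid | not-affected | |
| squid | karmic | not-affected | |
| squid | jaunty | not-affected | |
| squid | intrepid | released | Fixed 2.7.STABLE3-1ubuntu2.1 |
| squid | hardy | not-affected | |
| squid | gutsy | not-affected | |
| squid | dapper | not-affected | |
| squid3 | oneiric | not-affected | |
| squid3 | natty | not-affected | |
| squid3 | maverick | not-affected | |
| squid3 | lucid | not-affected | |
| squid3 | karmic | not-affected | |
| squid3 | jaunty | not-affected | |
| squid3 | intrepid | ignored | |
| squid3 | hardy | ignored | |
| squid3 | gutsy | ignored | |
| squid3 | dapper | dne | |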