CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
squid-cachesquid
2.0
squid-cachesquid
2.1
squid-cachesquid
2.2
squid-cachesquid
2.3
squid-cachesquid
2.4
squid-cachesquid
2.5
squid-cachesquid
2.6
squid-cachesquid
2.7
squid-cachesquid
2.7:stable3
squid-cachesquid
2.7:stable4
squid-cachesquid
3.0
squid-cachesquid
3.0.stable1:stable1
squid-cachesquid
3.0.stable2:stable2
squid-cachesquid
3.0.stable3:stable3
squid-cachesquid
3.0.stable4:stable4
squid-cachesquid
3.0.stable5:stable5
squid-cachesquid
3.0.stable6:stable6
squid-cachesquid
3.0.stable7:stable7
squid-cachesquid
3.0.stable8:stable8
squid-cachesquid
3.0.stable9:stable9
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable12:stable12
squid-cachesquid
3.0.stable13:stable13
squid-cachesquid
3.0.stable14:stable14
squid-cachesquid
3.0.stable15:stable15
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable17:stable17
squid-cachesquid
3.0.stable18:stable18
squid-cachesquid
3.0.stable19:stable19
squid-cachesquid
3.0.stable20:stable20
squid-cachesquid
3.0.stable21:stable21
squid-cachesquid
3.0.stable22:stable22
squid-cachesquid
3.0.stable23:stable23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye (security)
4.13-10+deb11u3
fixed
bullseye
4.13-10+deb11u3
fixed
lenny
no-dsa
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid
oneiric
Fixed 2.7.STABLE7-1ubuntu6
released
natty
Fixed 2.7.STABLE7-1ubuntu6
released
maverick
Fixed 2.7.STABLE7-1ubuntu6
released
lucid
Fixed 2.7.STABLE7-1ubuntu6
released
karmic
Fixed 2.7.STABLE6-2ubuntu2.2
released
jaunty
Fixed 2.7.STABLE3-4.1ubuntu1.2
released
intrepid
Fixed 2.7.STABLE3-1ubuntu2.3
released
hardy
Fixed 2.6.18-1ubuntu3.2
released
dapper
not-affected
squid3
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 3.0.STABLE19-1ubuntu0.2
released
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
dne
References
http://bugs.squid-cache.org/show_bug.cgi?id=2858
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
http://osvdb.org/62297
http://secunia.com/advisories/38812
http://www.securityfocus.com/bid/38212
http://www.securitytracker.com/id?1023587
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
http://www.vupen.com/english/advisories/2010/0371
http://www.vupen.com/english/advisories/2010/0603
http://bugs.squid-cache.org/show_bug.cgi?id=2858
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
http://osvdb.org/62297
http://secunia.com/advisories/38812
http://www.securityfocus.com/bid/38212
http://www.securitytracker.com/id?1023587
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
http://www.vupen.com/english/advisories/2010/0371
http://www.vupen.com/english/advisories/2010/0603