CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
squid-cachesquid
3.0
squid-cachesquid
3.0.stable1:stable1
squid-cachesquid
3.0.stable2:stable2
squid-cachesquid
3.0.stable3:stable3
squid-cachesquid
3.0.stable4:stable4
squid-cachesquid
3.0.stable5:stable5
squid-cachesquid
3.0.stable6:stable6
squid-cachesquid
3.0.stable7:stable7
squid-cachesquid
3.0.stable8:stable8
squid-cachesquid
3.0.stable9:stable9
squid-cachesquid
3.0.stable10:stable10
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable12:stable12
squid-cachesquid
3.0.stable13:stable13
squid-cachesquid
3.0.stable14:stable14
squid-cachesquid
3.0.stable15:stable15
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable17:stable17
squid-cachesquid
3.0.stable18:stable18
squid-cachesquid
3.0.stable19:stable19
squid-cachesquid
3.0.stable20:stable20
squid-cachesquid
3.0.stable21:stable21
squid-cachesquid
3.0.stable22:stable22
squid-cachesquid
3.0.stable23:stable23
squid-cachesquid
3.0.stable24:stable24
squid-cachesquid
3.0.stable25:stable25
squid-cachesquid
3.1
squid-cachesquid
3.1.0.1
squid-cachesquid
3.1.0.2
squid-cachesquid
3.1.0.3
squid-cachesquid
3.1.0.4
squid-cachesquid
3.1.0.5
squid-cachesquid
3.1.0.6
squid-cachesquid
3.1.0.7
squid-cachesquid
3.1.0.8
squid-cachesquid
3.1.0.9
squid-cachesquid
3.1.0.10
squid-cachesquid
3.1.0.11
squid-cachesquid
3.1.0.12
squid-cachesquid
3.1.0.13
squid-cachesquid
3.1.0.14
squid-cachesquid
3.1.0.15
squid-cachesquid
3.1.0.16
squid-cachesquid
3.1.0.17
squid-cachesquid
3.1.0.18
squid-cachesquid
3.1.1
squid-cachesquid
3.1.2
squid-cachesquid
3.1.3
squid-cachesquid
3.1.4
squid-cachesquid
3.1.5
squid-cachesquid
3.1.5.1
squid-cachesquid
3.1.6
squid-cachesquid
3.1.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye (security)
4.13-10+deb11u3
fixed
bullseye
4.13-10+deb11u3
fixed
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
hardy
not-affected
dapper
not-affected
squid3
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 3.0.STABLE19-1ubuntu0.1
released
karmic
ignored
jaunty
Fixed 3.0.STABLE8-3+lenny4build0.9.04.1
released
hardy
ignored
dapper
dne
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/41298
http://secunia.com/advisories/41477
http://secunia.com/advisories/41534
http://www.debian.org/security/2010/dsa-2111
http://www.openwall.com/lists/oss-security/2010/09/05/2
http://www.openwall.com/lists/oss-security/2010/09/07/7
http://www.securityfocus.com/bid/42982
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch
http://www.vupen.com/english/advisories/2010/2433
https://bugzilla.redhat.com/show_bug.cgi?id=630444
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/41298
http://secunia.com/advisories/41477
http://secunia.com/advisories/41534
http://www.debian.org/security/2010/dsa-2111
http://www.openwall.com/lists/oss-security/2010/09/05/2
http://www.openwall.com/lists/oss-security/2010/09/07/7
http://www.securityfocus.com/bid/42982
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch
http://www.vupen.com/english/advisories/2010/2433
https://bugzilla.redhat.com/show_bug.cgi?id=630444