CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
squid-cachesquid
3.1
squid-cachesquid
3.1.0.1
squid-cachesquid
3.1.0.2
squid-cachesquid
3.1.0.3
squid-cachesquid
3.1.0.4
squid-cachesquid
3.1.0.5
squid-cachesquid
3.1.0.6
squid-cachesquid
3.1.0.7
squid-cachesquid
3.1.0.8
squid-cachesquid
3.1.0.9
squid-cachesquid
3.1.0.10
squid-cachesquid
3.1.0.11
squid-cachesquid
3.1.0.12
squid-cachesquid
3.1.0.13
squid-cachesquid
3.1.0.14
squid-cachesquid
3.1.0.15
squid-cachesquid
3.1.0.16
squid-cachesquid
3.1.0.17
squid-cachesquid
3.1.0.18
squid-cachesquid
3.1.1
squid-cachesquid
3.1.2
squid-cachesquid
3.1.3
squid-cachesquid
3.1.4
squid-cachesquid
3.1.5
squid-cachesquid
3.1.5.1
squid-cachesquid
3.1.6
squid-cachesquid
3.1.7
squid-cachesquid
3.1.8
squid-cachesquid
3.1.9
squid-cachesquid
3.1.10
squid-cachesquid
3.1.11
squid-cachesquid
3.1.12
squid-cachesquid
3.1.13
squid-cachesquid
3.1.14
squid-cachesquid
3.1.15
squid-cachesquid
3.2.0.1
squid-cachesquid
3.2.0.2
squid-cachesquid
3.2.0.3
squid-cachesquid
3.2.0.4
squid-cachesquid
3.2.0.5
squid-cachesquid
3.2.0.6
squid-cachesquid
3.2.0.7
squid-cachesquid
3.2.0.8
squid-cachesquid
3.2.0.9
squid-cachesquid
3.2.0.10
squid-cachesquid
3.2.0.11
squid-cachesquid
3.2.0.12
squid-cachesquid
3.2.0.13
squid-cachesquid
3.2.0.14
squid-cachesquid
3.2.0.15
squid-cachesquid
3.2.0.16
squid-cachesquid
3.2.0.17
squid-cachesquid
3.2.0.18
squid-cachesquid
3.2.0.19
squid-cachesquid
3.2.1
squid-cachesquid
3.2.2
squid-cachesquid
3.2.3
squid-cachesquid
3.2.4
squid-cachesquid
3.2.5
squid-cachesquid
3.2.6
squid-cachesquid
3.2.7
squid-cachesquid
3.2.8
squid-cachesquid
3.2.9
squid-cachesquid
3.2.10
squid-cachesquid
3.2.11
squid-cachesquid
3.2.12
squid-cachesquid
3.3.0
squid-cachesquid
3.3.0.2
squid-cachesquid
3.3.0.3
squid-cachesquid
3.3.1
squid-cachesquid
3.3.2
squid-cachesquid
3.3.3
squid-cachesquid
3.3.4
squid-cachesquid
3.3.5
squid-cachesquid
3.3.6
squid-cachesquid
3.3.7
squid-cachesquid
3.3.8
squid-cachesquid
3.3.9
squid-cachesquid
3.3.10
squid-cachesquid
3.3.11
squid-cachesquid
3.4.0.1
squid-cachesquid
3.4.0.2
squid-cachesquid
3.4.0.3
squid-cachesquid
3.4.1
squid-cachesquid
3.4.2
squid-cachesquid
3.4.3
squid-cachesquid
3.4.4
squid-cachesquid
3.4.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye (security)
4.13-10+deb11u3
fixed
bullseye
4.13-10+deb11u3
fixed
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid3
trusty
Fixed 3.3.8-1ubuntu6.1
released
precise
Fixed 3.1.19-1ubuntu3.12.04.3
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html
http://rhn.redhat.com/errata/RHSA-2014-1147.html
http://secunia.com/advisories/60179
http://secunia.com/advisories/60334
http://secunia.com/advisories/61320
http://secunia.com/advisories/61412
http://www.debian.org/security/2014/dsa-3014
http://www.debian.org/security/2015/dsa-3139
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/69453
http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch
http://www.ubuntu.com/usn/USN-2327-1
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html
http://rhn.redhat.com/errata/RHSA-2014-1147.html
http://secunia.com/advisories/60179
http://secunia.com/advisories/60334
http://secunia.com/advisories/61320
http://secunia.com/advisories/61412
http://www.debian.org/security/2014/dsa-3014
http://www.debian.org/security/2015/dsa-3139
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/69453
http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch
http://www.ubuntu.com/usn/USN-2327-1