Squid.StrListGetItem.DoS

Description

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Affected Products

Squid Web Proxy Cache 3.1 5 and previous versions.

Impact

Denial of Service.

Recommended Actions

Apply patch:

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2018-10-16  13.473   Sig Added