CVE-2009-0478

EPSS 77.1%

squid3 - denial of service

Published: 2/8/2009Modified: 4/28/2026

Description

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Affected packages (2)

Debian/squidfrom 0, < 2.7.STABLE3-4.1
Debian/squid3from 0, < 3.0.PRE5-5+etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0478