Launchpad.net

CVE 2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Related bugs and status

CVE-2009-0478 (Candidate) is related to these bugs:

Bug #330192: squid affected by CVE-2009-0478

		In	Importance	Status
330192	squid affected by CVE-2009-0478	squid (Ubuntu)	Undecided	Fix Released
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu)	Undecided	Fix Released
330192	squid affected by CVE-2009-0478	squid (Ubuntu Dapper)	Undecided	Invalid
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu Dapper)	Undecided	Invalid
330192	squid affected by CVE-2009-0478	squid (Ubuntu Gutsy)	Undecided	Invalid
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu Gutsy)	Undecided	Won't Fix
330192	squid affected by CVE-2009-0478	squid (Ubuntu Hardy)	Undecided	Invalid
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu Hardy)	Undecided	Won't Fix
330192	squid affected by CVE-2009-0478	squid (Ubuntu Intrepid)	Undecided	Fix Released
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu Intrepid)	Undecided	Invalid
330192	squid affected by CVE-2009-0478	squid (Ubuntu Jaunty)	Undecided	Fix Released
330192	squid affected by CVE-2009-0478	squid3 (Ubuntu Jaunty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
CONFIRM: https://bugzilla.redha...
BID: 33604
SECTRACK: 1021684
SECUNIA: 33731
MANDRIVA: MDVSA-2009:034
SUSE: SUSE-SR:2009:005
GENTOO: GLSA-200903-38
SECUNIA: 34467
EXPLOIT-DB: 8021
BUGTRAQ: 20090204 Squid Proxy C...