oss-sec mailing list archives

Re: CVE id request: squid

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 1 Apr 2008 12:13:22 -0400 (EDT)


Notice the reference to oss-security :)

- Steve


======================================================
Name: CVE-2008-1612
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612
Reference: MISC:http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
Reference: MLIST:[oss-security] 20080401 CVE id request: squid
Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/01/5
Reference: MLIST:[squid-announce[ 20080322 Advisory Squid-2007:2 updated
Reference: URL:http://marc.info/?l=squid-announce&m=120614453813157&w=2

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows
attackers to cause a denial of service (process exit) via unknown
vectors that cause an array to shrink to 0 entries, which triggers an
assert error.  NOTE: this issue is due to an incorrect fix for
CVE-2007-6239.

Current thread:

CVE id request: squid Tomas Hoger (Apr 01)
- Re: CVE id request: squid Steven M. Christey (Apr 01)