CVE-2008-1612

Published: 01 April 2008

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Priority

Medium

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.18-1)
Patches:
Other: http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch