FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- Denial of Service vulnerability in DNS handling

Affected packages
2.7.1 <= squid < 2.7.7_3
3.0.1 <= squid < 3.0.23 <= squid <


VuXML ID 296ecb59-0f6b-11df-8bab-0019996bc1f7
Discovery 2010-01-14
Entry 2010-02-01
Modified 2010-05-02

Squid security advisory 2010:1 reports:

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets.

This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term denial of service attack on the Squid service.


CVE Name CVE-2010-0308