FKIE_CVE-2010-0639

Vulnerability from fkie_nvd - Published: 2010-02-15 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
cve@mitre.orghttp://bugs.squid-cache.org/show_bug.cgi?id=2858
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
cve@mitre.orghttp://osvdb.org/62297
cve@mitre.orghttp://secunia.com/advisories/38812Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/38212
cve@mitre.orghttp://www.securitytracker.com/id?1023587
cve@mitre.orghttp://www.squid-cache.org/Advisories/SQUID-2010_2.txtVendor Advisory
cve@mitre.orghttp://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patchPatch
cve@mitre.orghttp://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patchPatch
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0371Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0603Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.squid-cache.org/show_bug.cgi?id=2858
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/62297
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38812Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38212
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023587
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Advisories/SQUID-2010_2.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0371Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0603Vendor Advisory
Impacted products
Vendor Product Version
squid-cache squid 2.0
squid-cache squid 2.1
squid-cache squid 2.2
squid-cache squid 2.3
squid-cache squid 2.4
squid-cache squid 2.5
squid-cache squid 2.6
squid-cache squid 2.7
squid-cache squid 2.7
squid-cache squid 2.7
squid-cache squid 3.0
squid-cache squid 3.0.stable1
squid-cache squid 3.0.stable2
squid-cache squid 3.0.stable3
squid-cache squid 3.0.stable4
squid-cache squid 3.0.stable5
squid-cache squid 3.0.stable6
squid-cache squid 3.0.stable7
squid-cache squid 3.0.stable8
squid-cache squid 3.0.stable9
squid-cache squid 3.0.stable11
squid-cache squid 3.0.stable12
squid-cache squid 3.0.stable13
squid-cache squid 3.0.stable14
squid-cache squid 3.0.stable15
squid-cache squid 3.0.stable16
squid-cache squid 3.0.stable17
squid-cache squid 3.0.stable18
squid-cache squid 3.0.stable19
squid-cache squid 3.0.stable20
squid-cache squid 3.0.stable21
squid-cache squid 3.0.stable22
squid-cache squid 3.0.stable23
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DCC264-510E-43D1-9C13-99CEA54C7940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED31C038-4142-4C2C-B540-9223C5C199FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "177060A9-6211-4B6D-96BE-48B4BD1FAFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50327E36-756E-434D-804D-1E44A4ABAE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
              "matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
              "matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
              "matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
              "matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
              "matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
              "matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
              "matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
              "matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versi\u00f3n 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versi\u00f3n 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027NULL Pointer Dereference\u0027",
  "id": "CVE-2010-0639",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-15T18:30:00.893",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/62297"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38812"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023587"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/62297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0603"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.",
      "lastModified": "2010-02-16T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.