DoS vulnerability in Squid Web proxy
Users can trip up the Squid Web proxy thanks to a flaw that has been reported, but not described in detail. The security advisory also does not state whether the program crashes completely or simply does not work properly anymore. For instance, the connection to the web could be interrupted. The flaw reportedly stems from the handling of a reply to a cache update initiated by the user. The flaw is found in Squid 2.x (up to and including STABLE16) and Squid 3. In Squid 2.6. STABLE17 and the snapshots of November 28, the DoS problem has been remedied. Patches have also been made available.
- Denial of service in cache updates, security advisory at Squid-cache.org
(ehe)