CVE-2014-3609
Published: 28 August 2014
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
Priority
Status
Package | Release | Status |
---|---|---|
squid3 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(3.1.19-1ubuntu3.12.04.3)
|
|
trusty |
Released
(3.3.8-1ubuntu6.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12680.patch upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10488.patch |