CVE-2005-0446

NONE EPSS 98.5%
Published May 2, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 2, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

Threat Intelligence

EPSS Exploit Probability
98.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 59

VendorProductVersionRange
squidsquid2.0.patch1any
squidsquid2.0.patch2any
squidsquid2.0.pre1any
squidsquid2.0.releaseany
squidsquid2.0_patch2any
squidsquid2.1.patch1any
squidsquid2.1.patch2any
squidsquid2.1.pre1any
squidsquid2.1.pre3any
squidsquid2.1.pre4any
squidsquid2.1.releaseany
squidsquid2.1_patch2any
squidsquid2.2.devel3any
squidsquid2.2.devel4any
squidsquid2.2.pre1any
squidsquid2.2.pre2any
squidsquid2.2.stable1any
squidsquid2.2.stable2any
squidsquid2.2.stable3any
squidsquid2.2.stable4any
squidsquid2.2.stable5any
squidsquid2.3.devel2any
squidsquid2.3.devel3any
squidsquid2.3.stable1any
squidsquid2.3.stable2any
squidsquid2.3.stable3any
squidsquid2.3.stable4any
squidsquid2.3.stable5any
squidsquid2.3_.stable4any
squidsquid2.3_.stable5any
squidsquid2.3_stable5any
squidsquid2.4any
squidsquid2.4.stable1any
squidsquid2.4.stable2any
squidsquid2.4.stable3any
squidsquid2.4.stable4any
squidsquid2.4.stable6any
squidsquid2.4.stable7any
squidsquid2.4_.stable2any
squidsquid2.4_.stable6any
squidsquid2.4_.stable7any
squidsquid2.4_stable7any
squidsquid2.5.6any
squidsquid2.5.stable1any
squidsquid2.5.stable2any
squidsquid2.5.stable3any
squidsquid2.5.stable4any
squidsquid2.5.stable5any
squidsquid2.5.stable6any
squidsquid2.5.stable7any
squidsquid2.5.stable8any
squidsquid2.5_.stable1any
squidsquid2.5_.stable3any
squidsquid2.5_.stable4any
squidsquid2.5_.stable5any
squidsquid2.5_.stable6any
squidsquid2.5_stable3any
squidsquid2.5_stable4any
squidsquid2.5_stable9any

References 14

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
    PatchVendor Advisory
  • fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
  • marc.info http://marc.info/?l=bugtraq&m=110901183320453&w=2
  • secunia.com http://secunia.com/advisories/14271
    PatchVendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-688
    PatchVendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml
    PatchVendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:047
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-173.html
    PatchVendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-201.html
  • securityfocus.com http://www.securityfocus.com/bid/12551
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch
    Patch
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19332
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264

Remediation

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
    PatchVendor Advisory
  • secunia.com http://secunia.com/advisories/14271
    PatchVendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-688
    PatchVendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml
    PatchVendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-173.html
    PatchVendor Advisory
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch
    Patch