CVE-2005-2796

NONE EPSS 94.0%
Published Sep 7, 200520y ago · Modified Jun 16, 20262w ago
Find Similar
Published Sep 7, 2005 20y ago
Last Modified Jun 16, 2026 2w ago

Description

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

Threat Intelligence

EPSS Exploit Probability
94.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 61

VendorProductVersionRange
squidsquid2.0.patch1any
squidsquid2.0.patch2any
squidsquid2.0.pre1any
squidsquid2.0.releaseany
squidsquid2.0_patch2any
squidsquid2.1.patch1any
squidsquid2.1.patch2any
squidsquid2.1.pre1any
squidsquid2.1.pre3any
squidsquid2.1.pre4any
squidsquid2.1.releaseany
squidsquid2.1_patch2any
squidsquid2.2.devel3any
squidsquid2.2.devel4any
squidsquid2.2.pre1any
squidsquid2.2.pre2any
squidsquid2.2.stable1any
squidsquid2.2.stable2any
squidsquid2.2.stable3any
squidsquid2.2.stable4any
squidsquid2.2.stable5any
squidsquid2.3.devel2any
squidsquid2.3.devel3any
squidsquid2.3.stable1any
squidsquid2.3.stable2any
squidsquid2.3.stable3any
squidsquid2.3.stable4any
squidsquid2.3.stable5any
squidsquid2.3_.stable4any
squidsquid2.3_.stable5any
squidsquid2.3_stable5any
squidsquid2.4any
squidsquid2.4.stable1any
squidsquid2.4.stable2any
squidsquid2.4.stable3any
squidsquid2.4.stable4any
squidsquid2.4.stable6any
squidsquid2.4.stable7any
squidsquid2.4_.stable2any
squidsquid2.4_.stable6any
squidsquid2.4_.stable7any
squidsquid2.4_stable7any
squidsquid2.5.6any
squidsquid2.5.stable1any
squidsquid2.5.stable2any
squidsquid2.5.stable3any
squidsquid2.5.stable4any
squidsquid2.5.stable5any
squidsquid2.5.stable6any
squidsquid2.5.stable7any
squidsquid2.5.stable8any
squidsquid2.5.stable9any
squidsquid2.5.stable10any
squidsquid2.5_.stable1any
squidsquid2.5_.stable3any
squidsquid2.5_.stable4any
squidsquid2.5_.stable5any
squidsquid2.5_.stable6any
squidsquid2.5_stable3any
squidsquid2.5_stable4any
squidsquid2.5_stable9any

References 13

  • fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
  • secunia.com http://secunia.com/advisories/16977
  • secunia.com http://secunia.com/advisories/17027
  • securitytracker.com http://securitytracker.com/id?1014846
    PatchVendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-809
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:162
  • novell.com http://www.novell.com/linux/security/advisories/2005_21_sr.html
  • novell.com http://www.novell.com/linux/security/advisories/2005_53_squid.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-766.html
  • securityfocus.com http://www.securityfocus.com/bid/14731
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    PatchVendor Advisory
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522

Remediation

  • securitytracker.com http://securitytracker.com/id?1014846
    PatchVendor Advisory
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    PatchVendor Advisory