CVE-2005-2796
NONE EPSS 94.0%
Published Sep 7, 200520y ago · Modified Jun 16, 20262w ago
Published Sep 7, 2005 20y ago
Last Modified Jun 16, 2026 2w ago
Description
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
Threat Intelligence
EPSS Exploit Probability
94.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 61
| Vendor | Product | Version | Range |
|---|---|---|---|
| squid | squid | 2.0.patch1 | any |
| squid | squid | 2.0.patch2 | any |
| squid | squid | 2.0.pre1 | any |
| squid | squid | 2.0.release | any |
| squid | squid | 2.0_patch2 | any |
| squid | squid | 2.1.patch1 | any |
| squid | squid | 2.1.patch2 | any |
| squid | squid | 2.1.pre1 | any |
| squid | squid | 2.1.pre3 | any |
| squid | squid | 2.1.pre4 | any |
| squid | squid | 2.1.release | any |
| squid | squid | 2.1_patch2 | any |
| squid | squid | 2.2.devel3 | any |
| squid | squid | 2.2.devel4 | any |
| squid | squid | 2.2.pre1 | any |
| squid | squid | 2.2.pre2 | any |
| squid | squid | 2.2.stable1 | any |
| squid | squid | 2.2.stable2 | any |
| squid | squid | 2.2.stable3 | any |
| squid | squid | 2.2.stable4 | any |
| squid | squid | 2.2.stable5 | any |
| squid | squid | 2.3.devel2 | any |
| squid | squid | 2.3.devel3 | any |
| squid | squid | 2.3.stable1 | any |
| squid | squid | 2.3.stable2 | any |
| squid | squid | 2.3.stable3 | any |
| squid | squid | 2.3.stable4 | any |
| squid | squid | 2.3.stable5 | any |
| squid | squid | 2.3_.stable4 | any |
| squid | squid | 2.3_.stable5 | any |
| squid | squid | 2.3_stable5 | any |
| squid | squid | 2.4 | any |
| squid | squid | 2.4.stable1 | any |
| squid | squid | 2.4.stable2 | any |
| squid | squid | 2.4.stable3 | any |
| squid | squid | 2.4.stable4 | any |
| squid | squid | 2.4.stable6 | any |
| squid | squid | 2.4.stable7 | any |
| squid | squid | 2.4_.stable2 | any |
| squid | squid | 2.4_.stable6 | any |
| squid | squid | 2.4_.stable7 | any |
| squid | squid | 2.4_stable7 | any |
| squid | squid | 2.5.6 | any |
| squid | squid | 2.5.stable1 | any |
| squid | squid | 2.5.stable2 | any |
| squid | squid | 2.5.stable3 | any |
| squid | squid | 2.5.stable4 | any |
| squid | squid | 2.5.stable5 | any |
| squid | squid | 2.5.stable6 | any |
| squid | squid | 2.5.stable7 | any |
| squid | squid | 2.5.stable8 | any |
| squid | squid | 2.5.stable9 | any |
| squid | squid | 2.5.stable10 | any |
| squid | squid | 2.5_.stable1 | any |
| squid | squid | 2.5_.stable3 | any |
| squid | squid | 2.5_.stable4 | any |
| squid | squid | 2.5_.stable5 | any |
| squid | squid | 2.5_.stable6 | any |
| squid | squid | 2.5_stable3 | any |
| squid | squid | 2.5_stable4 | any |
| squid | squid | 2.5_stable9 | any |
References 13
- fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
- secunia.com http://secunia.com/advisories/16977
- secunia.com http://secunia.com/advisories/17027
- securitytracker.com http://securitytracker.com/id?1014846
- debian.org http://www.debian.org/security/2005/dsa-809
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:162
- novell.com http://www.novell.com/linux/security/advisories/2005_21_sr.html
- novell.com http://www.novell.com/linux/security/advisories/2005_53_squid.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-766.html
- securityfocus.com http://www.securityfocus.com/bid/14731
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522
Remediation
- securitytracker.com http://securitytracker.com/id?1014846
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout