Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Squid | Squid | * | 2.4_stable_3 (including) |