The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Squid | Squid | 2.6.stable1 (including) | 2.6.stable1 (including) |
| Squid | Squid | 2.6.stable2 (including) | 2.6.stable2 (including) |
| Squid | Squid | 2.6.stable3 (including) | 2.6.stable3 (including) |
| Squid | Squid | 2.6.stable4 (including) | 2.6.stable4 (including) |
| Squid | Squid | 2.6.stable5 (including) | 2.6.stable5 (including) |
| Squid | Squid | 2.6.stable6 (including) | 2.6.stable6 (including) |
| Squid | Squid | 2.6.stable7 (including) | 2.6.stable7 (including) |
| Squid | Squid | 2.6.stable8 (including) | 2.6.stable8 (including) |
| Squid | Squid | 2.6.stable9 (including) | 2.6.stable9 (including) |
| Squid | Squid | 2.6.stable10 (including) | 2.6.stable10 (including) |
| Squid | Squid | 2.6.stable11 (including) | 2.6.stable11 (including) |
| Red Hat Enterprise Linux 5 | RedHat | squid-7:2.6.STABLE6-4.el5 | * |
| Squid | Ubuntu | devel | * |
| Squid | Ubuntu | edgy | * |
| Squid | Ubuntu | feisty | * |