The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Squid | Squid-cache | 2.0 (including) | 2.0 (including) |
| Squid | Squid-cache | 2.1 (including) | 2.1 (including) |
| Squid | Squid-cache | 2.2 (including) | 2.2 (including) |
| Squid | Squid-cache | 2.3 (including) | 2.3 (including) |
| Squid | Squid-cache | 2.4 (including) | 2.4 (including) |
| Squid | Squid-cache | 2.5 (including) | 2.5 (including) |
| Squid | Squid-cache | 2.6 (including) | 2.6 (including) |
| Squid | Squid-cache | 2.7 (including) | 2.7 (including) |
| Squid | Squid-cache | 2.7-stable3 (including) | 2.7-stable3 (including) |
| Squid | Squid-cache | 2.7-stable4 (including) | 2.7-stable4 (including) |
| Squid | Squid-cache | 3.0 (including) | 3.0 (including) |
| Squid | Squid-cache | 3.0.stable1 (including) | 3.0.stable1 (including) |
| Squid | Squid-cache | 3.0.stable2 (including) | 3.0.stable2 (including) |
| Squid | Squid-cache | 3.0.stable3 (including) | 3.0.stable3 (including) |
| Squid | Squid-cache | 3.0.stable4 (including) | 3.0.stable4 (including) |
| Squid | Squid-cache | 3.0.stable5 (including) | 3.0.stable5 (including) |
| Squid | Squid-cache | 3.0.stable6 (including) | 3.0.stable6 (including) |
| Squid | Squid-cache | 3.0.stable7 (including) | 3.0.stable7 (including) |
| Squid | Squid-cache | 3.0.stable8 (including) | 3.0.stable8 (including) |
| Squid | Squid-cache | 3.0.stable9 (including) | 3.0.stable9 (including) |
| Squid | Squid-cache | 3.0.stable11 (including) | 3.0.stable11 (including) |
| Squid | Squid-cache | 3.0.stable12 (including) | 3.0.stable12 (including) |
| Squid | Squid-cache | 3.0.stable13 (including) | 3.0.stable13 (including) |
| Squid | Squid-cache | 3.0.stable14 (including) | 3.0.stable14 (including) |
| Squid | Squid-cache | 3.0.stable15 (including) | 3.0.stable15 (including) |
| Squid | Squid-cache | 3.0.stable16 (including) | 3.0.stable16 (including) |
| Squid | Squid-cache | 3.0.stable17 (including) | 3.0.stable17 (including) |
| Squid | Squid-cache | 3.0.stable18 (including) | 3.0.stable18 (including) |
| Squid | Squid-cache | 3.0.stable19 (including) | 3.0.stable19 (including) |
| Squid | Squid-cache | 3.0.stable20 (including) | 3.0.stable20 (including) |
| Squid | Squid-cache | 3.0.stable21 (including) | 3.0.stable21 (including) |
| Squid | Squid-cache | 3.0.stable22 (including) | 3.0.stable22 (including) |
| Squid | Squid-cache | 3.0.stable23 (including) | 3.0.stable23 (including) |