A denial of service vulnerability has reported in Squid Proxy. The vulnerability is due to an error when processing specially crafted Hypertext Caching Protocol (HTCP) packets. Remote attackers can exploit this issue by sending malicious HTCP packets to the target server.

Successful exploitation could result in a denial of service condition.

The vendor has released patches and new versions to address this issue:

http://www.squid-cache.org/Download

• Squid Project Squid 2.x prior to 2.7.STABLE8
• Squid Project Squid 3.0 prior to 3.0.STABLE24

• Access vector is NETWORK
• Access complexity is LOW
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is NONE
• Impact of this vulnerability on data integrity is NONE
• Impact of this vulnerability on data availability is COMPLETE

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is OFFICIAL FIX
• The report confidence level of this vulnerability is CONFIRMED