Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2654


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2654
Last Modified 05 Sep 2008 04:44:44
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Vulnerable Systems


  • Squid 2.5 Stable5


SECUNIA - 12754



OSVDB - 9801

VIM - 20060223 old Squid clientAbortBody issue - NOT an overflow?

SECTRACK - 1011214

SECUNIA - 12508

Last Updated: 27 May 2016 10:39:34