FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- correct handling of oversized HTTP reply headers

Affected packages
squid < 2.5.7_12


VuXML ID bfda39de-7467-11d9-9e1e-c296ac722cb3
Discovery 2005-01-31
Entry 2005-02-08

The squid patches page notes:

This patch addresses a HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning.

It is believed that this bug may lead to cache pollution or allow access controls to be bypassed.


CERT/CC Vulnerability Note 823350
CVE Name CVE-2005-0241
FreeBSD PR ports/76967