Squid CVE-2014-3609 Remote Denial of Service Vulnerability

Bugtraq ID:	69453
Class:	Input Validation Error
CVE:	CVE-2014-3609
Remote:	Yes
Local:	No
Published:	Aug 27 2014 12:00AM
Updated:	Nov 03 2015 07:04PM
Credit:	Matthew Daley
Vulnerable:	Squid-Cache Squid 3.1.5 Squid-Cache Squid 3.1.4 Squid-Cache Squid 3.1.7 Squid-Cache Squid 3.1.6 Squid-Cache Squid 3.1.5.1 Squid-Cache Squid 3.1.3 Squid-Cache Squid 3.1.2 Squid-Cache Squid 3.1.1 Squid-Cache Squid 3.1.0.9 Squid-Cache Squid 3.1.0.8 Squid-Cache Squid 3.1.0.7 Squid-Cache Squid 3.1.0.6 Squid-Cache Squid 3.1.0.3 Squid-Cache Squid 3.1.0.2 Squid-Cache Squid 3.1.0.18 Squid-Cache Squid 3.1.0.17 Squid-Cache Squid 3.1.0.16 Squid-Cache Squid 3.1.0.14 Squid-Cache Squid 3.1.0.13 Squid-Cache Squid 3.1.0.12 Squid-Cache Squid 3.1.0.11 Squid-Cache Squid 3.1.0.10 Squid-Cache Squid 3.1.0.1 Squid-Cache Squid 3.1 Squid-Cache Squid 3.0 RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 CentOS CentOS 6
Not Vulnerable:

Squid CVE-2014-3609 Remote Denial of Service Vulnerability

Squid is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

Squid versions 3.0 through 3.3.12, and 3.4 through 3.4.6 are vulnerable.

Squid CVE-2014-3609 Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.