HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid-cgi" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid-purge" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid3" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid3-common" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squid3-dbg" }, { "binary_version": "3.3.8-1ubuntu6.1", "binary_name": "squidclient" } ] }