The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
2005-01-15T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | squid | squid | 2.0_patch2 | Yes |
| Application | squid | squid | 2.1_patch2 | Yes |
| Application | squid | squid | 2.3_.stable4 | Yes |
| Application | squid | squid | 2.3_.stable5 | Yes |
| Application | squid | squid | 2.3_stable5 | Yes |
| Application | squid | squid | 2.4 | Yes |
| Application | squid | squid | 2.4_.stable2 | Yes |
| Application | squid | squid | 2.4_.stable6 | Yes |
| Application | squid | squid | 2.4_.stable7 | Yes |
| Application | squid | squid | 2.4_stable7 | Yes |
| Application | squid | squid | 2.5.6 | Yes |
| Application | squid | squid | 2.5.stable1 | Yes |
| Application | squid | squid | 2.5.stable2 | Yes |
| Application | squid | squid | 2.5.stable3 | Yes |
| Application | squid | squid | 2.5.stable4 | Yes |
| Application | squid | squid | 2.5.stable5 | Yes |
| Application | squid | squid | 2.5.stable6 | Yes |
| Application | squid | squid | 2.5.stable7 | Yes |
| Application | squid | squid | 2.5_.stable1 | Yes |
| Application | squid | squid | 2.5_.stable3 | Yes |
| Application | squid | squid | 2.5_.stable4 | Yes |
| Application | squid | squid | 2.5_.stable5 | Yes |
| Application | squid | squid | 2.5_.stable6 | Yes |
| Application | squid | squid | 2.5_stable3 | Yes |
| Application | squid | squid | 2.5_stable4 | Yes |
| Application | squid | squid | 2.5_stable9 | Yes |
| Application | squid | squid | 2.6.stable1 | Yes |