DescriptionThe (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2004:032, published Wednesday, Sep 15th 2004 16:00 MEST
- SUSE-SA:2004:033, published Wednesday, Sep 17th 2004 12:00 MEST
- SUSE-SA:2004:034, published Friday, Sep 17th 2004 14:23 MEST
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:58:30 2013
CVE page last modified: Fri Oct 7 12:45:29 2022