CVE-2005-0446
squid - missing input sanitising
EPSS 65.9%
Description
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
How to fix CVE-2005-0446
To remediate CVE-2005-0446, upgrade the affected package to a fixed version below.
- Debian/squid: upgrade to 2.5.8-3 or later
- Debian/squid: upgrade to 2.4.6-2woody7 or later
Is CVE-2005-0446 being exploited?
Likely — EPSS is 65.9%, placing CVE-2005-0446 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 2.5.8-3
- from 0, < 2.4.6-2woody7