store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
Squid
  • Squid

Configuration 1 [-]

OR cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 3
squid-7:2.5.STABLE3-6.3E.14 cpe:/o:redhat:enterprise_linux:3 RHSA-2005:766 2005-09-15T00:00:00Z
Red Hat Enterprise Linux 4
squid-7:2.5.STABLE6-3.4E.11 cpe:/o:redhat:enterprise_linux:4 RHSA-2005:766 2005-09-15T00:00:00Z
References
Link Providers
http://fedoranews.org/updates/FEDORA--.shtml cve-icon cve-icon
http://secunia.com/advisories/16977 cve-icon cve-icon
http://secunia.com/advisories/17027 cve-icon cve-icon
http://www.debian.org/security/2005/dsa-809 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2005:162 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2005_21_sr.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2005_53_squid.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2005-766.html cve-icon cve-icon
http://www.securityfocus.com/bid/14761 cve-icon cve-icon
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2005-2794 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2005-2794 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-09-07T04:00:00

Updated: 2024-08-07T22:45:02.303Z

Reserved: 2005-09-06T00:00:00

Link: CVE-2005-2794

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-09-07T18:03:00.000

Modified: 2017-10-11T01:30:19.810

Link: CVE-2005-2794

cve-icon Redhat

Severity : Important

Publid Date: 2005-09-01T00:00:00Z

Links: CVE-2005-2794 - Bugzilla