CVE-2009-3700

Description

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."

References

Link	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/53921	vdb entry
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015	patch vendor advisory
http://www.vupen.com/english/advisories/2009/3013	vdb entry patch vendor advisory
http://securitytracker.com/id?1023079	vdb entry
http://secunia.com/advisories/37107	third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/1043	vdb entry
http://www.osvdb.org/59163	vdb entry
http://www.debian.org/security/2010/dsa-2040	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	vendor advisory
http://www.securityfocus.com/bid/36800	vdb entry patch
http://secunia.com/advisories/39679	third party advisory
http://www.securityfocus.com/archive/1/507440/100/0/threaded	mailing list

Frequently Asked Questions

What is the severity of CVE-2009-3700?: CVE-2009-3700 has been scored as a medium severity vulnerability.
How to fix CVE-2009-3700?: To fix CVE-2009-3700, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2009-3700 being actively exploited in the wild?: It is possible that CVE-2009-3700 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions