Squid "strHdrAcptLangGetItem()" Denial of Service Vulnerability
Release Date : 2013-03-12
Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround
Software: Squid 3.x
A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the "strHdrAcptLangGetItem()" function (errorpage.cc) when handling the "Accept-Language" header. This can be exploited to trigger an infinite loop and consume CPU resources.
The vulnerability is reported in versions 3.3.2 and prior and versions 3.2.8 and prior.
Provided and/or discovered by:
22733db72ab3ed94b5f8a1ffcde850251fe6f466, c8e74ebd8392fda4788179f9a02bb49337638e7b, and AKAT-1