Description

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Remediation

References

CVE-2013-1839

Related Vulnerabilities

Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)

MySQL CVE-2022-21330 Vulnerability (CVE-2022-21330)

Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4293)

Severity

High

Classification

CVE-2013-1839 CWE-20

Tags

Missing Update Known Vulnerabilities