Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2654

Description

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Affected products

Squid (software)/Squid
cpe:2.3:a:squid:squid:2.5_stable5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/12754nvdPatchVendor Advisory
secunia.com/advisories/12508nvdVendor Advisory
securitytracker.com/idnvd
www.attrition.org/pipermail/vim/2006-February/000570.htmlnvd
www.osvdb.org/9801nvd
www.securitylab.ru/47881.htmlnvd
www.squid-cache.org/bugs/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000