CVE-2009-3826 - Vulnerability Details - OpenCVE

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Squidguard	Squidguard

Configuration 1 [-]

cpe:2.3:a:squidguard:squidguard:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://secunia.com/advisories/37107
http://secunia.com/advisories/39679
http://securitytracker.com/id?1023079
http://www.debian.org/security/2010/dsa-2040
http://www.osvdb.org/59164
http://www.securityfocus.com/archive/1/507440/100/0/threaded
http://www.securityfocus.com/bid/36800
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019
http://www.vupen.com/english/advisories/2009/3013
http://www.vupen.com/english/advisories/2010/1043
https://exchange.xforce.ibmcloud.com/vulnerabilities/53922
https://www.cve.org/CVERecord?id=CVE-2009-3826

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2009-3826

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2009-3826 https://www.cve.org/CVERecord?id=CVE-2009-3826

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-28T14:00:00

Updated: 2024-08-07T06:38:30.350Z

Reserved: 2009-10-28T00:00:00

Link: CVE-2009-3826

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-10-28T14:30:00.297

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3826

Redhat

Severity : Moderate

Publid Date: 2009-10-15T00:00:00Z

Links: CVE-2009-3826 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"}, {"name": "squidguard-url-security-bypass(53922)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53922"}, {"name": "ADV-2009-3013", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3013"}, {"name": "1023079", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023079"}, {"name": "37107", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37107"}, {"name": "ADV-2010-1043", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1043"}, {"name": "59164", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/59164"}, {"name": "DSA-2040", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2040"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "36800", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36800"}, {"name": "39679", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39679"}, {"name": "20091026 squidGuard 1.3 & 1.4 : buffer overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507440/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019", "refsource": "CONFIRM", "url": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"}, {"name": "squidguard-url-security-bypass(53922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53922"}, {"name": "ADV-2009-3013", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3013"}, {"name": "1023079", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023079"}, {"name": "37107", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37107"}, {"name": "ADV-2010-1043", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1043"}, {"name": "59164", "refsource": "OSVDB", "url": "http://www.osvdb.org/59164"}, {"name": "DSA-2040", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2040"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "36800", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36800"}, {"name": "39679", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39679"}, {"name": "20091026 squidGuard 1.3 & 1.4 : buffer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507440/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:38:30.350Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"}, {"name": "squidguard-url-security-bypass(53922)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53922"}, {"name": "ADV-2009-3013", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3013"}, {"name": "1023079", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023079"}, {"name": "37107", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37107"}, {"name": "ADV-2010-1043", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1043"}, {"name": "59164", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/59164"}, {"name": "DSA-2040", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2040"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "36800", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36800"}, {"name": "39679", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39679"}, {"name": "20091026 squidGuard 1.3 & 1.4 : buffer overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507440/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3826", "datePublished": "2009-10-28T14:00:00", "dateReserved": "2009-10-28T00:00:00", "dateUpdated": "2024-08-07T06:38:30.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squidguard:squidguard:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A13B1EC-6F1F-4A9A-A9AC-65548B3E27B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL."}, {"lang": "es", "value": "M\u00faltiples desbordamiento de b\u00fafer en squidGuard v1.4 permite a atacantes remotos eludir el bloqueo de URL a trav\u00e9s de una URL larga, referido a (1)relaciones entre el tama\u00f1o de cierto b\u00fafer en squidGuard y el tama\u00f1o de cierto b\u00fafer en Squid y (2) una redirecci\u00f3n URL que contiene informaci\u00f3n sobre las petici\u00f3n URL original."}], "id": "CVE-2009-3826", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-28T14:30:00.297", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37107"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39679"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023079"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2040"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/59164"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507440/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36800"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3013"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1043"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/59164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507440/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53922"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}