Vulnerability Note VU#823350

Squid fails to properly handle oversized reply headers

Original Release date: 04 Feb 2005 | Last revised: 07 Feb 2005


The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.


Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly.


The complete impact of this vulnerability is not yet known. This vulnerability is platform independent.


Apply an update

Administrators should obtain an updated version of Squid from their vendor.

Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch

This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
SquidAffected-04 Feb 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.

This document was written by Ken MacInnis based primarily on information provided by Team Squid.

Other Information

  • CVE IDs: Unknown
  • Date Public: 31 Jan 2005
  • Date First Published: 04 Feb 2005
  • Date Last Updated: 07 Feb 2005
  • Severity Metric: 1.20
  • Document Revision: 17


If you have feedback, comments, or additional information about this vulnerability, please send us email.