{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2004-12-31T05:00:00Z",
  "id": "CVE-2004-2654",
  "details": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference.  NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/12508"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/12754"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/12754"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1011214"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/9801"
    },
    {
      "type": "WEB",
      "url": "http://www.securitylab.ru/47881.html"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
    }
  ]
}