CVE-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Published: 2005-01-27 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-0918 is rated Moderate Risk (49.5/100): CVSS Medium severity, with high exploitation likelihood (EPSS 68.74%, 99th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2004-0918

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 77.72% 68.74% -8.98%
2 2025-03-29 68.74% 77.72% +8.98%
3 2025-03-19 68.74%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0918

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2004-0918

OS Trackers for CVE-2004-0918

vendor priority summary link
debian not yet assigned CVE-2004-0918 not yet assigned priority: Debian including 1 source packages (squid), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2004-0918
gentoo normal CVE-2004-0918: 1 GLSA(s) (200410-15), 1 atom(s) (net-proxy/squid); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2004-0918
redhat high https://access.redhat.com/security/cve/CVE-2004-0918
ubuntu medium CVE-2004-0918 medium priority: Ubuntu including 1 source packages (squid), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1. https://ubuntu.com/security/CVE-2004-0918

Affected software / configurations for CVE-2004-0918

Vendor Product Version Raw CPE
openpkg openpkg 2.1 cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
openpkg openpkg 2.2 cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
openpkg openpkg current cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
squid squid 2.0_patch2 cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
squid squid 2.1_patch2 cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
squid squid 2.3_.stable4 cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*
squid squid 2.3_.stable5 cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*
squid squid 2.4 cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
squid squid 2.4_.stable2 cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*
squid squid 2.4_.stable6 cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*
squid squid 2.4_.stable7 cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*
squid squid 2.5_.stable1 cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*
squid squid 2.5_.stable3 cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*
squid squid 2.5_.stable4 cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*
squid squid 2.5_.stable5 cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*
squid squid 2.5_.stable6 cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*
squid squid 3.0_pre1 cpe:2.3:a:squid:squid:3.0_pre1:*:*:*:*:*:*:*
squid squid 3.0_pre2 cpe:2.3:a:squid:squid:3.0_pre2:*:*:*:*:*:*:*
squid squid 3.0_pre3 cpe:2.3:a:squid:squid:3.0_pre3:*:*:*:*:*:*:*
gentoo linux cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
redhat fedora_core core_2.0 cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
trustix secure_linux 1.5 cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
trustix secure_linux 2.0 cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
trustix secure_linux 2.1 cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
ubuntu ubuntu_linux 4.1 cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
ubuntu ubuntu_linux 4.1 cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

References for CVE-2004-0918

URL Tags
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
http://fedoranews.org/updates/FEDORA--.shtml
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://marc.info/?l=bugtraq&m=109913064629327&w=2
http://secunia.com/advisories/30914 Vendor Advisory
http://secunia.com/advisories/30967 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false
http://www.redhat.com/support/errata/RHSA-2004-591.html Patch Vendor Advisory
http://www.securityfocus.com/bid/11385 Patch Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2004_3.txt
http://www.squid-cache.org/Advisories/SQUID-2008_1.txt
http://www.vupen.com/english/advisories/2008/1969/references Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html
cvelogic Threat Intelligence