Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201411-11
HistoryNov 27, 2014 - 12:00 a.m.

Squid: Multiple vulnerabilities

2014-11-2700:00:00
Gentoo Foundation
security.gentoo.org
14

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.938 High

EPSS

Percentile

99.1%

JSON

Background

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Description

An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests.

Impact

A remote attacker could send a specially crafted request, possibly resulting in a executing of arbitrary code or Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Squid users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.3.13-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-proxy/squid< 3.3.13-r1UNKNOWN

Related

nessus 19
openvas 19
securityvulns 4
ubuntu 1
mageia 3
prion 3
debiancve 3
cve 3
ubuntucve 3
seebug 1
oraclelinux 1
centos 1
redhat 1
veracode 1
fedora 2
amazon 2
suse 2
nessus
nessus
GLSA-201411-11 : Squid: Multiple vulnerabilities
2014-11-28 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2015:103)
2015-03-30 00:00:00
Ubuntu 14.04 LTS : Squid vulnerabilities (USN-2422-1)
2014-11-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201411-11
2015-09-29 00:00:00
Ubuntu: Security Advisory (USN-2422-1)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2014-0396)
2022-01-28 00:00:00
securityvulns
securityvulns
squid security vulnerabilities
2014-11-30 00:00:00
[USN-2422-1] Squid vulnerabilities
2014-11-30 00:00:00
squid DoS
2014-06-14 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2014-11-25 00:00:00
mageia
mageia
Updated squid packages fix security vulnerabilities
2014-10-07 13:22:51
Updated squid packages fix CVE-2014-0128
2014-04-09 09:36:34
Updated squid package fixes CVE-2014-0128
2014-04-24 23:04:48
prion
prion
Out-of-bounds
2014-11-26 15:59:00
Design/Logic Flaw
2014-11-26 15:59:00
Server side request forgery (ssrf)
2014-04-14 15:09:00
debiancve
debiancve
CVE-2014-7141
2014-11-26 15:59:00
CVE-2014-7142
2014-11-26 15:59:00
CVE-2014-0128
2014-04-14 15:09:00
cve
cve
CVE-2014-7141
2014-11-26 15:59:00
CVE-2014-7142
2014-11-26 15:59:00
CVE-2014-0128
2014-04-14 15:09:00
ubuntucve
ubuntucve
CVE-2014-7141
2014-09-23 00:00:00
CVE-2014-7142
2014-09-23 00:00:00
CVE-2014-0128
2014-04-14 00:00:00
seebug
seebug
Squid SSL-Bump HTTPS请求处理拒绝服务漏洞
2014-03-13 00:00:00
oraclelinux
oraclelinux
squid security update
2014-06-03 00:00:00
centos
centos
squid security update
2014-06-04 10:04:04
redhat
redhat
(RHSA-2014:0597) Moderate: squid security update
2014-06-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:52:42
fedora
fedora
[SECURITY] Fedora 20 Update: squid-3.3.12-1.fc20
2014-04-02 09:19:07
[SECURITY] Fedora 19 Update: squid-3.3.12-1.fc19
2014-04-15 15:38:43
amazon
amazon
Medium: squid
2014-06-15 16:22:00
Important: squid
2014-10-22 20:04:00
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.938 High

EPSS

Percentile

99.1%

JSON
Related for GLSA-201411-11
nessus19openvas19securityvulns4ubuntu1mageia3prion3debiancve3cve3ubuntucve3seebug1oraclelinux1centos1redhat1veracode1fedora2amazon2suse2